WD Mybook Live NAS remotely wiped clean

Hi
I have been meaning to get a new NAS for some time, this mail from WD has made an upgrade more urgent, any suggestions for a small secure NAS 2-4 TB appreciated

“Our records indicate that you registered a My Book Live or My Book Live Duo device. To protect your data on the device from ongoing attacks, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet and access your data locally by followin”

The usual forum favs Synology or QNAP are the ones to look at.
Both have secure network protection systems & a wide range of options to suit whatever your preferences and/or budget are.
Both can be used with world leading Asset UPnP or Minimserver media server software.
When you say small, both have 1-bay which is perfectly OK for audio only, that said most will choose 2-bay or maybe more.

Thanks Mike, I use the current WD for photos and music and to stream to n272 and Sonos via Twonky, only a small amount of storage needed, much less than 1 TB, the files are also on iMac and somewhere on iCloud.

From my perspective, and I do work with secure systems so might be slightly too restrictive for you, but I would recommend a NAS with minimum required if any internet access, and have minimum applications running on it.
Following good security hygiene practice you want to minimise its exposure to future prankster coders.
A NAS with many applications and services running on it is just asking for trouble, despite what the manufacturers say.
A small Netgear can be effective, with no web services or applications enabled.

The next level of safety, if you have content of high value or time to recover, is if you also can use a device and applications that use IPv6 link local (fe80::/64) and NOT IPv4, which can challenge some malware. IPv6 for LANs can be more secure and hidden than legacy IPv4. Though you will likely do manual firmware updates… as your device will now be isolated from the internet.
However Naim doesn’t yet support IPv6, which in my opinion is poor, so you will need a separate UPnP server that supports IPv6 and IPv4 if you use a secure IPv6 RFC 3041 only NAS with your Naim… so might not be practical with Naim at this time…

But if you had a NAS with other high value content it might be a consideration.

1 Like

Thanks Simon. To enable the NAS to be discovered as a UPnP device by nac272/Sonos I think it has to be connected to my router? Would there be a setting in the Netgear NAS to prevent it being accessible by external hackers? However if the device needs an update then I guess it will need to connect.
I’m hoping WD will issue a fix, apparently the hacker just wipes the NAS clean via reset, no ransom demands nor malware uploaded apparently.
There have been a lot of victims, there are some tech articles about the issue which say this is due to a weakness in the way WD drives work, i.e. the ability to control remotely

What kind of router do you have? A number of routers also have an integrated UPnP server that you can enable by connecting a USB drive to them. I’ve used this approach for a while with my Netgear R7000 router and it actually worked quite well, it would suffice for most common scenarios I think.

Hi… hacking is typically quite involved and varied… in short almost certainly your router will be providing a stateful firewall already and only allowing return traffic in response to originated traffic… that is very effective for stopping unwanted external network access to your LAN.

These days however a big threat is from malware… this is hidden code that gets deposited from a compromised email or web site server… this code then can break off and lie in a device on your network… perhaps most likely the device that accessed the compromised web service or email. This malware can collect data and send it elsewhere.
Now malware detection hygiene services on Macs and PCs can often detect or warn of such things, at least more obvious malware. However devices such as NAS are typically less robust as they are not typically optimised for this behaviour. Hence my recommendation of running as few external facing services as possible on your NAS.

Most broadband routers can’t prevent malware and stateful firewalls don’t stop malware, but using a link local address for a device on your LAN ensures that a device can only access and be accessed locally on your subnet and not talk to the internet… hence it itself becomes isolated from the internet.

1 Like

Thanks for the reply, I have a BT Smart Hub 2

Thanks Simon, I’ll look into a link local address for the new NAS

It seems to have a USB port that could be used for this purpose:

Yes that has an effective stateful firewall, and you should be confident that if any significant vulnerabilities are discovered, it will be patched relatively quickly and automatically

I also received this email, when I clicked on the link to find out how to prevent my WD NAS accessing the internet (thinking I would be taken to specific instructions) instead it took me to a WD generic support page. Not very helpful

Official support for the MyBook Live devices ended I believe in 2015 (6 years ago), so it’s more or less just a courtesy from WD to inform customers about these current issues…

I think they recommend to disconnect the NAS from the router then connect to a computer to copy over stored files from the NAS, then maybe put it into retirement……

Another email this morning from WD offering support to recover data and a proposed discount scheme to upgrade to a new NAS

Wow, the source code of this hack:

https://paste.debian.net/plainh/7630c424

Since 2011 there was code on these devices that allows an administrator to perform remote actions such as factory resets. However, the part of the code that checks whether someone actually has privileges to perform these actions was commented out, so anyone could run these remote commands as an administrator, as long as the device was reachable over the internet:

    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
    //        if(!authenticateAsOwner($queryParams))
    //        {
    //            header("HTTP/1.0 401 Unauthorized");
    //            return;
    //        }

1 Like
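The commented-out check quoted above, set beside a hardened layout, as an added example that is not part of the original post and is not WD's code. `isOwner()` is a hypothetical stand-in for `authenticateAsOwner()` (its body is not shown on the page), and the route name, token and dispatcher are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the device's authenticateAsOwner(), whose body is
// not shown on the page: constant-time comparison of a presented token.
function isOwner(?array $queryParams, string $storedHash): bool
{
    $token = $queryParams['token'] ?? null;
    return is_string($token)
        && hash_equals($storedHash, hash('sha256', $token));
}

// "Before": same shape as the quoted handler. With the check commented out,
// the privileged action is reached by any caller.
function resetVulnerable(?array $queryParams, string $storedHash): int
{
    // if (!isOwner($queryParams, $storedHash)) { return 401; }
    return 200; // the factory reset would start here
}

// "After": the dispatcher authorizes every request before any handler runs,
// so a handler cannot lose its protection by having a local check removed.
function dispatch(array $routes, string $path, ?array $queryParams, string $storedHash): int
{
    if (!isOwner($queryParams, $storedHash)) {
        return 401; // deny by default, before route lookup
    }
    return isset($routes[$path]) ? $routes[$path]($queryParams) : 404;
}

// Constructed sample data: token, hash and route name are made up.
$storedHash = hash('sha256', 'constructed-owner-token');
$routes = ['/admin/reset' => fn(?array $q): int => 200];

// Regression check to run in CI: no route may answer without credentials.
$cases = [null, [], ['token' => 'wrong'], ['token' => ['array']]];
foreach (array_keys($routes) as $path) {
    foreach ($cases as $params) {
        if (dispatch($routes, $path, $params, $storedHash) !== 401) {
            fwrite(STDERR, "unauthenticated access to $path\n");
            exit(1);
        }
    }
}
echo "vulnerable handler, no credentials: ", resetVulnerable(null, $storedHash), "\n";
echo "dispatcher, owner token: ",
    dispatch($routes, '/admin/reset', ['token' => 'constructed-owner-token'], $storedHash), "\n";
```

Running the regression loop against every registered route in the build is what catches a disabled check before it ships.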

:rofl:

I also like the wonderfully named variable $ouputFormat

1 Like

Assuming that was known, it is appalling that the vulnerability was not patched. It really points to a lack of integrity, trust and competence of the manufacturer.

1 Like

Inexcusable if it was known, but in some ways worse if it wasn’t.