Help! All data in mybook live gone and owner password unknown

orion is a bunch of services. The key one is communicationmanagerd which tunnels back to wd2go. The reverse tunnel is how the hackers are able to hit the REST API.

It’s not a UPnP issue as some speculated. When the tunnel is established, mybooklive.deviceXXXXXX.wd2go.com maps back to your WAN IP address (where XXXXXX is the deviceID for your NAS). The attacker starts by iterating through device IDs, finding those DNS names that resolve to an IP address.

2 Likes

You would think that Western Digital would learn the lesson that Sonos did when they tried to stop security updates to legacy products.

After the backlash their stock prices dropped.

More of us need to post to social media networks and get the word out.

Do I understand correctly: if the “Remote control” option is enabled, then my NAS talks regularly to WD and “registers” it? Then the DNS A-record of mybooklive.deviceXXXXXX.wd2go.com will be changed to my current WAN IP.

So, hackers can iterate all WD devices by brute-forcing all “XXXX” of the domain mybooklive.deviceXXXXXX.wd2go.com.

But how can they access the REST API when there is no explicit port forwarding? And without UPnP?

2 Likes

Do I need a double bay? I only have a single cable/adapter. Is it possible to do one HD after the other?

Since most cable/DSL modems act as firewalls and do NAT’ing, the reverse tunnel is the easiest way to provide remote access.

I just looked and can confirm.

I am amazed how much you know about the MBL. Did you disassemble the communicationmanager ELF binary?
I am sorry if my question is stupid, but can anybody use that reverse tunnel when they know the device ID? This would mean that the REST API of every device can be accessed (if RemoteControl is enabled) even if UPnP is off?

I think they sent that to all of us, quite possibly as we are now registered here with contact details and have commented on the thread regarding data loss :frowning:

I own a MBL and was unaffected. I never received an email. Either I forgot to register when I bought it, or they are aware who was affected.

No dracenmarx, I was not affected but they have my email because I registered the product

Okay, thank you for the information. Then I have most likely forgotten to register back then.

You can fix the typo but it won’t change anything. /etc/nas/config/orion-resources.conf should have CONFIG_STATUS="pro"

1 Like

Yes, if UPnP is off and Remote Access is on, the communicationmanagerd is running. You can manually stop the daemon and see the external hits on your NAS die off.

4 Likes

@hightower I guess if your mother device (PC or laptop) has enough memory to store the found files then I would assume no, you only need one station, but please understand I am no expert and others might tell us both different!! I bought a double bay as I thought that would be the easiest thing to do. I am running R-Studio now but need to read the instructions to see how I can preview some of the found files before it finishes in 14 hours' time!!

Thx. Please keep me posted.
Happy to buy R-Studio.
Do you run it from Windows?

finds and I think I can preview them to see if they are corrupted or not, at the end of the scan. If it all looks OK I will buy the licence and then no need to rescan, just save files I think?? Already 11% done after just 2 hours and 91,545 “Specific File Documents” which I am assuming will be individual files (picture, document etc.)? Will come back tomorrow when the scan is completed…

Ooops, think I ran out of letters!!!

Realistically, in a month or two, all I will remember is not to buy Western Digital devices.

2 Likes

If your Duo has two drives with no mirroring there is no way to read one of them alone. I’m not sure you will be able to access the files even if you can get both hooked up at the same time. My DUO is mirrored so all my files are saved on both, not spread over two HDDs. Good luck to us all.

Thank you so very much! The backup company said they can recover the data but the file names and dates will be messed up.

1 Like