Western Digital My Cloud Experiences Yet Another Breach

Western Digital’s My Cloud Network is down again after some sort of network breach. According to a Western Digital press release,

On March 26, 2023, Western Digital identified a network security incident involving Western Digital’s systems. In connection with the ongoing incident, an unauthorized third party gained access to a number of the Company’s systems.

Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts. This investigation is in its early stages and Western Digital is coordinating with law enforcement authorities.

I am actually legitimately impressed that Western Digital continues to attract customers to its My Cloud offerings, given that issues like this are fairly routine for the company and service.

Back in 2018, for example, security researchers discovered that My Cloud devices had a hard-coded backdoor in them and many other vulnerabilities.

GulfTech also discovered a backdoor that bears the admin username ‘mydlinkBRionyg’ and password ‘abc12345cba.’ Anyone can just log into My Cloud devices with the said credentials, which were hardcoded into the binary and cannot be changed. This backdoor access can also allow malicious actors to access code that is vulnerable to command injection. It can spawn a root shell as well.

In 2021, hackers found a vulnerability in older My Cloud OS 3 devices that allowed them to remotely wipe Western Digital My Book Live devices after someone at Western Digital removed code that required a password to do a factory reset of the devices.

To add insult to injury, Western Digital’s response was to announce that the fix for this problem was for people to buy new devices that supported My Cloud OS 5. According to an Engadget story,

When Engadget reached out to Western Digital, a spokesperson for the company told us there is a fix for this vulnerability — we ‘patched’ OS3 with OS 5.” They added: “My Cloud OS 5 is a major security release that provides an architectural revamp of our older My Cloud firmware. All My Cloud products currently under active support are eligible for the My Cloud OS 5 upgrade and we recommend that all users upgrade as soon as possible to benefit from the latest security fixes.

In March 2022, Western Digital had to release a patch for My Cloud after a supply chain vulnerability left devices open to remote code execution. But the problems went well beyond supply chain issues.

To make matters worse, Western Digital PR4100 had a public AFP share by default, which was available to the hackers without requiring user authentication.

Look, Western Digital has no clue what it is doing with security in My Cloud. No one who cares about their data should ever use this product.

Dropbox Details Its Shift to SMR Drives

Dropbox posted an analysis of its adoption of shingled magnetic recording (SMR) drives in its data centers.

SMR is a storage method that writes data to overlapping magnetic tracks. The technique allows for higher storage density and lower power consumption but generally results in slower write speeds, as multiple tracks may have to be overwritten to write new data to the drive.

The adoption of SMR got Western Digital into legal trouble a few years ago after it surreptitiously began shipping SMR drives as part of its Red NAS line of hard drives without informing consumers.

In its analysis of its adoption of SMR, Dropbox notes that as of 2023, about 90 percent of the hard drives in its data centers are SMR.

The advantages are a roughly 20 percent increase in density while leading to large declines in power usage requirements,

The energy required to operate our hard drives is measured in power consumption per terabyte (TB/watt). Since our first 4 TB deployment, TB/watt has decreased by around 5-6x—largely because our SMR drives can cram more terabytes into the same physical and energy footprints as conventional PMR drives.

Our very first 14 TB SMR drive almost cut our power footprint in half for idle and random read workloads compared to its PMR predecessor. Our latest 18 TB and 20 TB drives show an amazing ~.30 watts per 1 TB in idle and ~.50 watts per 1 TB for random read workloads. Data from our vendors suggests this trend will continue, even as capacities increase.

Even as it is extolling the virtues of SMR, however, Dropbox is already preparing for the future, which it believes is heat-assisted magnetic recording (HAMR). HAMR is a technique that heats the hard drive to 450 degrees Celsius for a nanosecond as it writes data. This allows data to be stored in smaller areas on the disk, allowing overall disk density to be much higher. HAMR promises future 3.5″ hard drives with 50TB capacities.

In anticipation of this next jump in areal density, our focus has shifted from increasing the number of HDDs in our enclosures to minimizing the impact that physical vibrations can have on the I/O performance of higher density drives. While there was much more margin for vibrations in prior designs, that margin is now much less as HDD data tracks become smaller and spaced more closely together. It’s common to see high frequency vibrations cause head positioning errors, which can, in turn, cause performance degradation. Vibration can come from fans, the rotational forces and seek actions of nearby HDDs, even the HDD itself—or, when frustrated enough, a yelling engineer. ?

Our focus in the future will be to minimize HDD performance degradation from system vibrations by suppressing structural vibration of the system chassis and reducing fan noise. Putting more focus into this area will be critical as we onboard next generation HDDs, and it’s great to see some efforts already underway in the Open Compute Project (OCP) community. We are planning to leverage the OCP’s HDD Acoustical Surrogate—a new industry-standard specification for vibrational testing—in our seventh generation designs.

Western Digital Announces Plans to Build Future Hard Drives with Microwave-Assisted Magnetic Recording (MAMR)

AnandTech.com has an interesting look at Western Digital’s recent announcement that it will be moving forward with production of mechanical hard drives using microwave-assisted magnetic recording (MAMR).

Essentially what MAMR does is add a device to the write head of the hard drive to generate microwaves. The microwaves make it easier to write to smaller areas of the hard drive, allowing for capacity increases on the platter.

In its press release hype over the technology, Western Digital claims that MAMR will allow it to increase hard drive sizes to eventually reach a 40TB 3.5″ hard drive by 2025.

5 TB Hard Drives Finally on Their Way in 2013?

Interesting speculation at Tom’s Hardware based on an alleged document leak that Western Digital plans to release a 5 terabyte hard drive by the end of 2013.

If it hadn’t been for the Thailand floods of 2011, a 5TB hard drive would have probably already made it to market. The flooding wiped out a significant portion of hard drive manufacturing plants which led to a decline in the number of hard drives shipped worldwide and a sharp rise in hard drive costs.

Western Digital only recently got around to releasing a consumer level 4TB hard drive, so a 5TB by the end of the year would be most welcome.

Western Digital Launches 2TB Hard Drive

Hard DriveHere’s Western Digital’s press release announcing the launch of their 2TB hard drive,

“While some in the industry wondered if the end consumer would buy a 1 TB drive, already some 10 percent of 3.5-inch hard drive sales are at the 1 TB level or higher, serving demand from video applications and expanding consumer media libraries,” said Mark Geenen, President of Trend Focus. “The 2 TB hard drives will continue to satisfy end user’s insatiable desire to store more data on ever larger hard drives.”

WD Caviar Green is one of the most successful product lines in the company’s recent history with its third-generation GreenPower™ technology, now providing 2 TB of proven reliable storage for today’s high-resolution files and graphics. WD Caviar Green drives are designed for use in USB/FireWire®/eSATA external hard drives, desktop computers, workstations, and desktop RAID environments.

Ah yes . . . insatiable desires . . . for storage. What sort of people could he possibly be talking about? Hmmm.

Suggested retail price is $299. As of today, you can buy a 1TB WD drive on Amazon for $112. Nice.