The encryption systems used in Western Digital's portable hard drives are pretty pointless, according to new research.
WD's My Passport boxes automatically encrypt data as it is written to disk and decrypt the data as it is read back to the computer. The devices use 256-bit AES encryption, and can be password-protected: giving the correct password enables the data to be successfully accessed, The Register reported.
Now, a trio of infosec folks – Gunnar Alendal, Christian Kison and "modg" – have tried out six models in the WD My Passport family, and found blunders in the software designs.
For example, on some models, the drive's encryption key can be trivially brute-forced, which is bad news if someone steals the drive: decrypting it is child's play. And the firmware on some devices can be easily altered, allowing an attacker to silently compromise the drive and its file systems.
"We developed several different attacks to recover user data from these password-protected and fully encrypted external hard disks," the trio's paper [PDF] [slides PDF] states.
"In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user's PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code."
My Passport models using a JMicron JMS538S micro-controller have a pseudorandom number generator that is not cryptographically secure, and merely cycles through a sequence of 255 32-bit values. This generator is used to create the data encryption key, and the drive firmware leaks enough information about the state of the random number generator for this key to be recreated, we're told.
"An attacker can regenerate any DEK [data encryption key] generated from this vulnerable setup with a worst-case complexity of close to 240," the paper states.
"Once the DEK [data encryption key] is recovered, an attacker can read and decrypt any raw disk sector, revealing decrypted user data. Note that this attack does not need, nor reveals, the user password."
Drive models using a JMicron JMS569 controller – which is present in newer My Passport products – can be forcibly unlocked using commercial forensic tools that access the unencrypted system area of the drive, we're told.
Drives using a Symwave 6316 controller store their encryption keys on the disk, encrypted with a known hardcoded AES-256 key stored in the firmware, so recovery of the data is trivial.
It must be stressed that the flaws are in WD's software running on these microcontrollers, rather than the chips themselves.
Meanwhile, Western Digital says it is on the case.
"WD has been in a dialogue with independent security researchers relating to their security observations in certain models of our My Passport hard drives," spokeswoman Heather Skinner told The Register in a statement.
"We continue to evaluate the observations. We highly value and encourage this kind of responsible community engagement because it ultimately benefits our customers by making our products better. We encourage all security researchers to responsibly report potential security vulnerabilities or concerns to WD Customer Service and Support."
GMT 06:16 2018 Saturday ,13 January
Gadgets for kids still big at tech show despite concernsGMT 13:27 2018 Tuesday ,09 January
Virtual aide market a 'wildfire' at CES gadget showGMT 12:30 2017 Friday ,22 December
NASA picks finalists to explore comet, Saturn's moonGMT 22:46 2017 Sunday ,05 November
Asteroid-bound spacecraft zips by Earth for gravity boostGMT 22:41 2017 Sunday ,05 November
Fourth gravitational wave is detected, with European helpGMT 22:36 2017 Sunday ,05 November
Spikes in carbon emissions detected with NASA satelliteGMT 15:04 2017 Tuesday ,28 February
When galaxies crash, black holesGMT 10:46 2017 Tuesday ,14 February
Astronomers zoom in on megastarMaintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Send your comments
Your comment as a visitor