Researchers Find Critical Flaws in Self-Encrypting Hardware Drives That Can Expose Data
Western Digital hard disks are extremely popular with uses, however their hardware-based encryption system has critical flaws that could allow attackers to recover data without knowing the user password. This was revealed by a team of three security researchers.
The team had investigated into how the self-encryption feature was implemented in several popular Western Digital My Passport and My Book models. Depending on the type of microchip used for the encryption operation, they found design flaws and backdoor-like features that enable brute-force password guessing attacks or even decryption of the data without knowing the password.
The researchers found that in some of the Western Digital products, encryption is performed by the chip that bridges the USB and SATA interfaces while in other products, the encryption is done by the HDD’s own SATA controller, the USB bridge handled only the password validation.
The team studied six Western Digital hardware models and were able to uncover key facilitating brute-force password attacks, discover keys stored on the device that bypass any native security, extract and replace firmware and also found complete backdoors into the devices.
The research paper titled “got HW crypto? On the (in)security of a Self-Encrypting Drive series” by Gunnar Alendal, Christian Kison, and modg, describes issues that expose encryption keys to attack without the need for authentication, such as the password that unlocks the drive once it’s encrypted.
The researchers stated that most of the drives tested were manufactured between 2007 and 2013 none of the drives had been patched so far.
In most of the My Passport models, encryption and decryption is done by the USB bridge that connects the host via USB to the external drive’s SATA interface. The interface to the hard drive can be accessed by entering a password. These factory-set passwords or keys are generated using an insecure random number generator that is seeded with the computer’s current time, lowering the protection of the drive from 256 bits of security to 32 bits.
Though Western Digital claims it had patched this issue in May 2014, the researchers, in their release notes said that they were not able to find any fix. “As the unlock software, located on the VCD [virtual CD] for all MP [My Passport], has the ability to erase the drive, this vulnerability is still present until all VCDs are patched,” the researchers wrote.
In addition, the key generated by the user’s password is stored on the device, and while this is problematic, the problem with the RNG renders the drive insecure long before the password is required.
The paper covers all security weaknesses uncovered for multiple versions of My Passport drives and the various USB bridges from different manufacturers built into them. On some models, for example, the researchers were able to trick the USB bridge to go into download mode and accept an attacker’s firmware update, for example. This opens the door for any number of attacks, including Evil Maid attacks where an unattended laptop in a hotel room, or a laptop confiscated at a border crossing, for example, could be attacked.
Another weakness exposes the data encryption key by leaking RAM; in this attack, the researchers were able to read boot sectors that were supposed to be hidden and calculate the key.