Western Digital Hard Drives Feature Multiple Security Flaws

According to researchers, several vulnerabilities have been found in the built-in encryption offered with Western Digital hard drives. The vulnerabilities, if exploited, can give an attacker access to the data on a password-protected hard drive. The hard drive manufacturer has acknowledged the existence of flaws in its hardware-based encryption but did not reveal if it was working on a fix.

Security researchers Gunnar Alendal, Christian Kison, and one who goes by the alias “modg,” investigated how the self-encryption feature is implemented in several popular Western Digital My Passport and My Book models. The researchers presented a paper last month titled “got HW crypto? On the (in)security of a Self-Encrypting Drive series” reporting vulnerabilities in the abovementioned hard drive models. They found that the hard drive models depending on the type of microchip they used for the encryption had various types of design flaws.

The researchers said most hard drive brands come with a built-in capability to encrypt all stored data. The hard drive uses strings to create DEK, the data encryption key. In theory, it produces 32 bytes, which should still be hard enough to decrypt. But as security researchers noted, the algorithm which the hard drive uses encapsulates just repetitions of a four-byte value.

The researchers also found flaws in the USB bridge chips used in WD drives. If exploited, the flaw allowed an attacker to gain backdoor access to the encrypted data. In some cases, furthermore, the researchers found that the chip stored the key in plain text in its EEPROM, making it easy to recover it.

“We developed several different attacks to recover user data from these password-protected and fully encrypted external hard disks,” the researchers noted. “In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user’s PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code.”

Newer My Passport hard drives use JMicron JMS569 that can be forcibly unlocked using forensic tools able to access unencrypted portions of the drive. These forensic tools are commercially available.

The researchers also noted that the firmware update process on the tested hard drives did not use cryptographic signature verification which makes it prone to attacks. In theory, one can riddle the firmware with malware and infect host computers and even add cryptographic backdoors in them.

Security researchers said that they have informed the hard drive company about the vulnerabilities, and that they are not aware if the company is working on a fix. A Western Digital representative told Forbes, that the company continues “to evaluate the observations.”

Leave a Reply

Your email address will not be published. Required fields are marked *