Western Digital self-encrypting external hard disk drives have flaws that can expose data

Researchers found serious flaws in the encryption implementation on Western Digital external drives

The hardware-based encryption built into popular Western Digital external hard disk drives has flaws that could allow attackers to recover data without knowing the user password.

A team of three security researchers investigated how the self-encryption feature was implemented in several popular Western Digital My Passport and My Book models. Depending on the type of microchip used for the encryption operation, they found design flaws and backdoor-like features that enable brute-force password guessing attacks or even decryption of the data without knowing the password.

In some cases they found that the encryption is performed by the chip that bridges the USB and SATA interfaces. In other cases the encryption is done by the HDD's own SATA controller, with the USB bridge handling only the password validation.

The researchers tested WD external drive models with six different USB bridges from JMicron Technology, Symwave, Initio and PLX Technology. Due to implementation differences between the different chips, the discovered security issues varied from device to device, but they were all serious, the researchers said in a recently released paper.

The way encryption works in these drives is that a user-selected password is used to create a key encryption key (KEK). The KEK is a cryptographic hash of the password computed with the SHA-256 function.

The KEK is then used to encrypt a separately generated data encryption key (DEK). This encrypted version of the DEK, known as the eDEK, is stored in the USB bridge's EEPROM, in a hidden sector on the hard disk itself or in a special disk region called the service area.

The eDEK is decrypted when the user inputs the correct password in the drive's software that runs on the host computer and the resulting DEK is then used by the chip to perform the encryption and decryption operations on the fly.

For four of the tested USB bridges the researchers found methods of extracting the eDEK, allowing for offline brute-force attacks to guess the KEK and subsequently recover the DEK.

This is also made easier by the fact that all WD drives use a hardcoded salt -- a string that gets combined with the user-supplied password before hashing so that precomputed password tables are harder to build -- and a fixed iteration count for the hashing itself, the researchers said.

By knowing these details attackers could use large collections of common passwords to pre-compute their corresponding KEKs. These could then be used to try to decrypt the extracted eDEKs and ultimately the data stored on the drives.
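The following Python script is an added illustration of the precomputation problem described above; it is not code from the researchers' paper or from Western Digital. The page says the KEK is a salted, iterated SHA-256 hash of the password and that the salt and iteration count are fixed across all drives, but it does not publish the salt, the iteration count, or the cipher used to wrap the DEK. So `FIXED_SALT`, `ITERATIONS`, the exact salt-then-password hashing order, and the toy XOR-plus-hash key wrap in `wrap_dek` are all assumptions standing in for the real construction. The script builds a KEK table once from a small wordlist, shows that the same table unlocks two different drives with weak passwords, and shows that giving each drive its own random salt (the standard mitigation) makes that table useless.

```python
import hashlib
import os
from typing import Dict, Iterable, Optional

# Constructed stand-ins: the page says the drives use a hardcoded salt and a
# fixed iteration count but does not publish the values, so these are assumed.
FIXED_SALT = b"constructed-hardcoded-salt"
ITERATIONS = 2000


def derive_kek(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Iterated SHA-256 over salt || password (assumed construction; the page
    only says the KEK is a salted, iterated SHA-256 hash of the password)."""
    digest = salt + password.encode("utf-8")
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest


def wrap_dek(dek: bytes, kek: bytes) -> bytes:
    """Toy key wrap standing in for the drive's real wrapping cipher (not named
    on the page): eDEK = (DEK XOR KEK) || SHA-256(DEK). The trailing hash lets
    an unwrap attempt tell a right KEK from a wrong one."""
    if len(dek) != 32 or len(kek) != 32:
        raise ValueError("toy wrap expects a 32-byte DEK and a 32-byte KEK")
    masked = bytes(d ^ k for d, k in zip(dek, kek))
    return masked + hashlib.sha256(dek).digest()


def unwrap_dek(edek: bytes, kek: bytes) -> Optional[bytes]:
    """Return the DEK if `kek` is the right key, otherwise None."""
    masked, check = edek[:32], edek[32:]
    dek = bytes(m ^ k for m, k in zip(masked, kek))
    return dek if hashlib.sha256(dek).digest() == check else None


def precompute_table(wordlist: Iterable[str], salt: bytes,
                     iterations: int = ITERATIONS) -> Dict[bytes, str]:
    """One-off cost: KEK -> password for each candidate. Because the salt and
    iteration count never change, this table is valid for every drive."""
    return {derive_kek(pw, salt, iterations): pw for pw in wordlist}


def recover_with_table(edek: bytes, table: Dict[bytes, str]) -> Optional[str]:
    """Per-drive cost once the table exists: one trial unwrap per entry and
    no hashing at all. Returns the matching password, or None."""
    for kek, password in table.items():
        if unwrap_dek(edek, kek) is not None:
            return password
    return None


def demo_fixed_vs_per_drive_salt() -> Dict[str, Optional[str]]:
    """Three constructed drives with weak passwords: two wrapped under the
    fixed salt, one under a per-drive random salt (the mitigation). The same
    table recovers the first two and fails on the third."""
    wordlist = ["password", "123456", "letmein", "mypassport", "qwerty"]
    table = precompute_table(wordlist, FIXED_SALT)

    edek_a = wrap_dek(os.urandom(32), derive_kek("letmein", FIXED_SALT))
    edek_b = wrap_dek(os.urandom(32), derive_kek("qwerty", FIXED_SALT))

    per_drive_salt = os.urandom(16)  # generated once per drive at first use
    edek_c = wrap_dek(os.urandom(32), derive_kek("letmein", per_drive_salt))

    return {
        "drive_a_fixed_salt": recover_with_table(edek_a, table),
        "drive_b_fixed_salt": recover_with_table(edek_b, table),
        "drive_c_per_drive_salt": recover_with_table(edek_c, table),
    }


if __name__ == "__main__":
    print(demo_fixed_vs_per_drive_salt())
```

With a fixed salt, the `ITERATIONS` hashes per candidate are paid once for all drives; with a per-drive salt they must be repaid for every drive attacked, which is the whole point of salting. A per-drive salt does not rescue a weak password on its own, and it does nothing if the KEK itself can be read from the bridge chip as described below, so it complements rather than replaces keeping the eDEK out of reach and using a deliberately slow key derivation function.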

While choosing complex and sufficiently long passwords could protect against such guesswork, for some drive models brute-force attacks are not even necessary, the researchers found. That's because four of the USB bridge chips used in WD drives have authentication flaws that can provide attackers with backdoor access to the encrypted data.

For one chip they found that the KEK is stored in plain text in its EEPROM, making its recovery easy. In another chip, the KEK was stored in encrypted form, but it was encrypted with a hardcoded key that can also be extracted. For a third chip the KEK can be extracted from RAM using a vendor-specific command.

For one JMicron chip, the researchers managed to use a commercial data recovery tool to delete some bits from a drive's service area, completely unlocking the drive's data. This compromises the encryption without the need to recover any password or KEK.

For the two remaining chips that did not have authentication backdoors, the researchers determined that the data encryption key (DEK) was generated using poor sources of random data obtained from the host computer and a predictable on-chip random number generator.

For one bridge, the JMicron JMS538S, the researchers estimate the complexity to be at best 2^40, which, according to them, allows the DEK to be recovered in a few hours on a normal high-end computer. On an Initio INIC-1607E chip the complexity is 2^57, making DEK recovery harder, but within the reach of attackers with access to suitable hardware resources, the researchers said.

The firmware update process on the tested hard drives does not use cryptographic signature verification and can therefore be hijacked. This could allow attackers to implant malware inside the firmware to infect host computers or to add cryptographic backdoors. There is no easy way to recover from such firmware modifications, the researchers said.

Western Digital has been in a dialog with the independent security researchers regarding their findings for certain models of My Passport hard drives and is currently evaluating their observations, a Western Digital representative said via email. "We highly value and encourage this kind of responsible community engagement because it ultimately benefits our customers by making our products better."
