Academics Find Critical Flaws in Self-Encrypting Hardware Drives

Share this…

Some consumer-grade, self-encrypting external hard drives are littered with security vulnerabilities that render their encryption an afterthought.

An academic paper published in late September took apart a number of drives manufactured by Western Digital that suffer from flaws that are trivial to exploit and put any data stored on the hardware at risk.

Six hardware models were studied and the researchers were able to uncover key leaks facilitating brute-force password attacks, discover keys stored on the device that bypass any native security, extract and replace firmware and also found complete backdoors into the devices.

A request for comment from Western Digital was not returned in time for publication.

The paper “got HW crypto? On the (in)security of a Self-Encrypting Drive series” by Gunnar Alendal, Christian Kison, and modg, describes issues that expose encryption keys to attack without the need for authentication, such as the password that unlocks the drive once it’s encrypted. Most of the drives tested were manufactured between 2007 and 2013 and the researchers said in the paper that none of the drives had been patched.

Academics Find Critical Flaws in Self-Encrypting Hardware Drives

The paper also focuses on the USB models of the My Passport drives built by Western Digital; the devices can also connect via Thunderbolt or Firewire as well. In most of the My Passport models examined for this paper, encryption and decryption is done by the USB bridge that connects the host via USB to the external drive’s SATA interface, the researchers said. Access to the interface is blocked until a password is entered, for example. In new models, the paper said, that paradigm has changed and encryption/decryption is performed on the SATA controller. The paper explains that the user’s password generates a key that protects the key guarding the data on the drive.

These factory-set keys are generated, however, using an insecure random number generator that is seeded with the computer’s current time, lowering the protection of the drive from 256 bits of security to 32 bits.

“That means they are trillions and trillions of times easier to crack than they should be, and in practice an attacker with a laptop may be able to crack the key and fully decrypt them,” said Matthew Green, a crypto expert and professor at Johns Hopkins University.

The paper mentions that Western Digital patched this issue around the RNG in May 2014, but the researchers were unable to find the fix in the release notes.

“As the unlock software, located on the VCD [virtual CD] for all MP [My Passport], has the ability to erase the drive, this vulnerability is still present until all VCDs are patched,” the researchers wrote.

In addition, the key generated by the user’s password is stored on the device, and while this is problematic, the problem with the RNG renders the drive insecure long before the password is required.

The paper covers all security weaknesses uncovered for multiple versions of My Passport drives and the various USB bridges from different manufacturers built into them. On some models, for example, the researchers were able to trick the USB bridge to go into download mode and accept an attacker’s firmware update, for example. This opens the door for any number of attacks, including Evil Maid attacks where an unattended laptop in a hotel room, or a laptop confiscated at a border crossing, for example, could be attacked.

Another weakness exposes the data encryption key by leaking RAM; in this attack, the researchers were able to read boot sectors that were supposed to be hidden and calculate the key.