Technology News

Western Digital Hard Drives Feature Multiple Security Flaws: Report

By Manish Singh | Updated: 21 October 2015 11:46 IST
Western Digital Hard Drives Feature Multiple Security Flaws: Report
Advertisement

According to researchers, several vulnerabilities have been found in the built-in encryption offered with Western Digital hard drives. The vulnerabilities, if exploited, can give an attacker access to the data on a password-protected hard drive. The hard drive manufacturer has acknowledged the existence of flaws in its hardware-based encryption but did not reveal if it was working on a fix.

Security researchers Gunnar Alendal, Christian Kison, and one who goes by the alias "modg," investigated how the self-encryption feature is implemented in several popular Western Digital My Passport and My Book models. The researchers presented a paper last month titled "got HW crypto? On the (in)security of a Self-Encrypting Drive series" reporting vulnerabilities in the abovementioned hard drive models. They found that the hard drive models depending on the type of microchip they used for the encryption had various types of design flaws.

The researchers said most hard drive brands come with a built-in capability to encrypt all stored data. The hard drive uses strings to create DEK, the data encryption key. In theory, it produces 32 bytes, which should still be hard enough to decrypt. But as security researchers noted, the algorithm which the hard drive uses encapsulates just repetitions of a four-byte value.

The researchers also found flaws in the USB bridge chips used in WD drives. If exploited, the flaw allowed an attacker to gain backdoor access to the encrypted data. In some cases, furthermore, the researchers found that the chip stored the key in plain text in its EEPROM, making it easy to recover it.

"We developed several different attacks to recover user data from these password-protected and fully encrypted external hard disks," the researchers noted. "In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user's PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code."

Newer My Passport hard drives use JMicron JMS569 that can be forcibly unlocked using forensic tools able to access unencrypted portions of the drive. These forensic tools are commercially available.

The researchers also noted that the firmware update process on the tested hard drives did not use cryptographic signature verification which makes it prone to attacks. In theory, one can riddle the firmware with malware and infect host computers and even add cryptographic backdoors in them.

Security researchers said that they have informed the hard drive company about the vulnerabilities, and that they are not aware if the company is working on a fix. A Western Digital representative told Forbes, that the company continues "to evaluate the observations."

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Hard Drive, Security, Vulnerability, Western Digital
HTC One A9 With Android 6.0 Marshmallow, iPhone-Like Design Launched
Uber Invests Big in China in Face of Fierce Rival

Related Stories

Western Digital Hard Drives Feature Multiple Security Flaws: Report
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Google Maps to Show EV Charging Stations, Public Transport Options Soon
  2. Ray-Ban Meta Smart Glasses: Versatile and Practical
  3. Microsoft's New AI Video Model Can Generate Eerily Realistic Videos
  4. Huawei Pura 70 Ultra, Huawei Pura 70 Pro+ Launched: See Price
  5. Nothing Phone 2 Gets NothingOS 2.5.5 Update With ChatGPT Integration
  6. Nothing Ear, Nothing Ear A With Up to 45dB ANC Debut in India: See Price
  7. Vivo V30e Set to Launch in India Soon; Specifications, Colurways Teased
  8. HMD Unveils The Boring Phone With No Access to Internet
  9. OTT Releases This Week: Rebel Moon Part 2, Article 370 and More
  10. Flipkart Upcoming Sale 2024: Check out Next Sale Date and Best Offers
#Latest Stories
  1. Apple Tipped to Equip Purported 12.9-inch iPad Air Model With Mini LED Screen
  2. New OTT Releases This Week: Rebel Moon Part 2, Article 370, All Indian Rank and More
  3. Google Maps Makes It Easier to Find EV Chargers, Search Now Shows Sustainable Travel Options
  4. Nothing Phone 2 Receives NothingOS 2.5.5 Update With ChatGPT Integration, UltraXDR and More
  5. Snapchat to Display Watermark on Images Created Using Snap's Generative AI Tools
  6. Wayve Lingo-2 AI Model With Autonomous Driving Capabilities, Ability to Take Passenger Instructions Showcased
  7. Redmi 13 5G Model Numbers Surface Online; Could Debut in India as Poco M7 Pro 5G
  8. Moto Buds, Moto Buds+ With Dynamic ANC, Hi-Res Audio Launched: Price, Specifications
  9. Android 15 Could Include App Quarantine Feature to Protect Users From Malicious Apps: Report
  10. Tencent InstantMesh, an AI Model Capable of 3D Rendering Static Images Unveiled
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »