The VICE Channels

    Some Popular 'Self Encrypting' Hard Drives Have Really Bad Encryption

    Written by

    Joseph Cox


    Image: Harke/Wikimedia Commons

    So you’ve bought your encrypted hard drive to protect your sensitive files from prying eyes. But is the crypto on your device really as secure as you think?

    Researchers claim one of the more popular brands of so-called “self-encrypting” drives is plagued by serious security vulnerabilities that allow an attacker trivial access to data stored on its products.

    The problems relate to Western Digital's line of “My Passport” hard drives. Some of them seem pretty popular; one model has nearly 2,000 ratings on Amazon.

    The details were included in a paper dated 28 September, and posted to the Full Disclosure email list this week—a space where vulnerability researchers post their findings if the affected company is not being cooperative.

    As well as some other vulnerabilities, the researchers write that they discovered “backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.”

    "An attacker who steals your drive can guess the key in a short time using a single PC"

    The My Passport drives allow a user to set a password in order to use them, so theoretically anyone who stole the device wouldn't be able to get to the files on it without the right code.

    “It turns out that's not really true,” Matthew Green, assistant professor at Johns Hopkins University told Motherboard in an email. “The authors show that due to a tragicomedy of errors on the part of [Western Digital], the security of the drives is actually very weak.”

    According to Green, the worst of the problems is how the encryption keys are generated. “[Western Digital] does it using the C rand() function, which is known not to be cryptographically secure,” he wrote. Rand() is a very simple command for returning a pseudo-random number, and is not up to the task of producing a suitably strong key for keeping data secure.

    On top of this, the key is seeded with the time it was created in a 32-bit format. “That means instead of requiring billions of years to crack, an attacker who steals your drive can guess the key in a short time using a single PC,” Green added.

    After all that, it turns out that some models just store the password on the hard drive anyway. That means an attacker wouldn’t even need your password to break into the device.

    “That doesn't even make sense. That key should never be stored on the drive,” Green added.“This is a big problem for people who are relying on them, or worse, are using them to meet regulatory requirements such as encrypting health information for HIPAA.” The Health Insurance Portability and Accountability Act is a piece of US federal legislation that in part is designed to protect health care data.

    "Hopefully nobody is using them for anything that really matters"

    On the Full Disclosure post, the research authors claim that Western Digital has been informed of the vulnerabilities, and say they are not aware of any patches to these problems.

    A Western Digital spokesperson said that the company “has been in a dialogue with independent security researchers relating to their security observations in certain models of our My Passport hard drives.”

    The spokesperson added that “We continue to evaluate the observations,” but would not answer directly whether the company intended to issue a patch. They also did not say how such a patch would reach all of its affected customers.

    “We highly value and encourage this kind of responsible community engagement because it ultimately benefits our customers by making our products better. We encourage all security researchers to responsibly report potential security vulnerabilities or concerns to WD Customer Service and Support.”

    Regardless, “There is no way to look at this security design and say that it was well thought out by expert security engineers,” Green said. “Until the flaws are verifiably fixed, these devices should be viewed as effectively unencrypted. Hopefully nobody is using them for anything that really matters.”