The hardware-based encryption built into popular Western Digital external hard disk drives has flaws that could allow attackers to recover data without knowing the user password.

A team of three security researchers investigated how the self-encryption feature was implemented in several popular Western Digital My Passport and My Book models. Depending on the type of microchip used for the encryption operation, they found design flaws and backdoor-like features that enable brute-force password guessing attacks or even decryption of the data without knowing the password.

In some cases they found that the encryption is performed by the chip that bridges the USB and SATA interfaces. In other cases the encryption is done by the HDD's own SATA controller, with the USB bridge handling only the password validation.

The researchers tested WD external drive models with six different USB bridges from JMicron Technology, Symwave, Initio and PLX Technology. Due to implementation differences between the different chips, the discovered security issues varied from device to device, but they were all serious, the researchers said in a recently released paper.

The way encryption works in these drives is that a user-selected password is used to create a key encryption key (KEK). This is a cryptographic hash of the password generated with the SHA256 function.

The KEK is then used to encrypt a separately generated data encryption key (DEK). This encrypted version of the DEK, known as the eDEK, is stored in the USB bridge's EEPROM, in a hidden sector on the hard disk itself or in a special disk region called the service area.

The eDEK is decrypted when the user inputs the correct password in the drive's software that runs on the host computer and the resulting DEK is then used by the chip to perform the encryption and decryption operations on the fly.

For four of the tested USB bridges the researchers found methods of extracting the eDEK, allowing for offline brute-force attacks to guess the KEK and subsequently recover the DEK. This is also made easier by the fact that all WD drives use a hardcoded salt - a unique string that gets combined with the user-supplied passwords before hashing for added complexity - and a fixed iteration count for the hashing itself, the researchers said.

By knowing these details attackers could use large collections of common passwords to pre-compute their corresponding KEKs. These could then be used to try to decrypt the extracted eDEKs and ultimately the data stored on the drives.

While choosing complex and sufficiently long passwords could protect against such guesswork, for some drive models brute-force attacks are not even necessary, the researchers found. That's because four of the USB bridge chips used in WD drives have authentication flaws that can provide attackers with backdoor access to the encrypted data.

For one chip they found that the KEK is stored in plain text in its EEPROM, making its recovery easy. In another chip, the KEK was stored in encrypted form, but it was encrypted with a hardcoded key that can also be extracted. For a third chip the KEK can be extracted from RAM using a vendor-specific command.

For one JMicron chip, the researchers managed to use a commercial data recovery tool to delete some bits from a drive's service area, completely unlocking the drive's data.
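The effect of the hardcoded salt and fixed iteration count described above can be shown with a small model, added here as an illustration and not taken from the researchers' paper or from WD firmware. The salt value, the iteration count, the way the salt is combined with the password, and the PBKDF2 contrast case are all assumptions made for the example.

```python
import hashlib
import os

# Constructed placeholders: the article gives neither the real salt nor the count.
FIXED_SALT = b"CONSTRUCTED-VENDOR-SALT"
FIXED_ITERATIONS = 1000


def weak_kek(password: str) -> bytes:
    """KEK as the article describes it: SHA-256 iterated a fixed number of
    times over a vendor-wide salt plus the password (salt placement assumed)."""
    digest = FIXED_SALT + password.encode("utf-8")
    for _ in range(FIXED_ITERATIONS):
        digest = hashlib.sha256(digest).digest()
    return digest


def hardened_kek(password: str, salt: bytes) -> bytes:
    """Contrast case: PBKDF2-HMAC-SHA256 with a random salt stored per drive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def provision(password: str, per_drive_salt: bool) -> dict:
    """Model one drive being set up with a user password."""
    if per_drive_salt:
        salt = os.urandom(16)
        return {"salt": salt, "kek": hardened_kek(password, salt)}
    return {"salt": FIXED_SALT, "kek": weak_kek(password)}


def precomputed_hits(drives: list, wordlist: list) -> int:
    """Count drives whose KEK appears in a single table built ahead of time
    from the wordlist under the fixed salt, without touching any drive."""
    table = {weak_kek(word) for word in wordlist}
    return sum(1 for drive in drives if drive["kek"] in table)


if __name__ == "__main__":
    words = ["123456", "password", "letmein"]  # constructed sample wordlist
    fixed = [provision("letmein", per_drive_salt=False) for _ in range(3)]
    salted = [provision("letmein", per_drive_salt=True) for _ in range(3)]
    print("fixed salt, drives covered by one table:", precomputed_hits(fixed, words))
    print("per-drive salt, drives covered:", precomputed_hits(salted, words))
```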