This site may earn affiliate commissions from the links on this folio. Terms of use.

WDMPU

There'southward two major pieces of news out most Western Digital, the difficult drive manufacturer and storage giant. First upwardly, the company has announced information technology intends to purchase SanDisk, a major manufacturer of NAND flash and retention cards, for roughly $xix billion dollars. That's a 15% premium over SanDisk'southward current stock cost. The visitor has reportedly been shopping for a buyer — its growth has lagged expectations in recent years.

It'due south probably a smart move for Western Digital, which has similarly been facing the inevitable decline of its hard bulldoze business. I don't expect HDDs to vanish any time soon — the cost / operation curve is simply besides sexy for low-margin vendors similar Dell and HP to resist, and SSDs that can match HDD storage remain far too expensive to exist directly comparable. 6TB drives tin be had for $220, or roughly iii.vi cents per GB, while the 850 Evo 2TB version is currently $750. While that'southward an enormous improvement over prices from years agone, at that place's yet a 10x cost gap betwixt HDDs and SSDs.

The threat to Western Digital and other manufacturers, all the same, is that SSDs could drive down sales of enterprise drives, which typically sell for far more greenbacks and are far more lucrative than bottom-finish consumer hardware. Snapping upward SanDisk gives WD much-needed expertise in bringing NAND products to market and should assist the visitor'south efforts to position itself as a premiere storage provider from consumer hardware to enterprise divisions.

WD encryption standards incredibly flawed

Over the past few years, full-disk encryption has get an increasingly popular style of securing user data. Western Digital manufacturers a line of supposedly secure hard drives meant to help in this endeavor, simply a new written report indicates that these drives are incredibly flawed, with numerous security bugs. Ofttimes these reports focus on a single flaw or line of attack, but that'south not the case here.

All of the Western Digital My Passport drives apply a common compages, every bit shown below:

Encryption1

The researchers found that WD has used a wide range of USB bridges, including parts manufactured by JMicron, Symwave, Initio, and PLX. AES encryption is supported either by the USB bridges or by the SATA controller itself, though versions of the drive apparently didn't offer hardware AES at all.

MyPassport

Passport drives that employ the USB bridge for encryption rely on either AES-128 or AES-256 to create an encryption key. The researchers refer to this as the DEK (Data Encryption Primal). The DEK is set at the factory (all of the drives tested used a 256-bit DEK). The user is then allowed to ready an individual countersign, called the KEK. The mill-set DEK is itself protected by a static hash value, common to all WD Passport drives, chosen the KEK8. The KEK8 is hard-coded into the firmware of every bulldoze. once you lot've cracked one WD Passport, you lot've cracked the DEK on every Passport. The diagram beneath shows the hallmark procedure.

Encryption

The encryption machinery

In cryptography, "salting" a countersign means adding an additional string of data to the original password to brand it less vulnerable to lexicon attacks. If the user chooses a countersign similar "abc12345," just the system salts it past adding #$X,J, the last hash value will be computed for "#$10,J,abc12345." Salting passwords isn't impenetrable, simply it makes entire groups of passwords more difficult to crack — if the common salt is done correctly.

Unfortunately, Western Digital appears to take salted their entire Passport line using a abiding, hard-coded, three-digit salt — "WDC." It tin can't be changed, nether any circumstances.

Hit the DEK

The research team refers to the DEK every bit the holy grail. An assailant who gains access to the DEK tin can bypass the USB span and read the raw data off the bulldoze manually. This requires modifying the bulldoze, simply nosotros've seen plenty reports on the NSA's capabilities in the post-Snowden era to know that this kind of intervention does occur, at to the lowest degree occasionally. Researchers noted that some of the critical infrastructure required to make the necessary physical modifications to the drive is exposed on the HDD PCB itself. This immune them to locate where backup copies of the encrypted DEK were kept and recall them. One time the DEK has been copied from the drive, it can be fauna-forced off-site (possibly with considerably more-advanced computing hardware).

The paper goes on to describe the various attacks made against each of the drive controllers and models previously listed. Not every weakness is present in every controller, merely every device tested had enormous security flaws that made it trivial to retrieve critical data or install then-chosen "evil maid" attacks. Some drives could be modified to launch attacks against new targets via malware embedded into the firmware of the drive itself. In that location's too bear witness that the Random Number Generator used in the Jmicron models isn't actually random at all (that's another enormous red flag).

I controller, the Symwave 6316, actually saves the KEK with a hardcoded encryption sequence and stores it on the drive itself. Since the KEK is used to unlock the DEK, and unlocking the DEK gives you access to every bit of information on the drive, this is like locking your business firm and then hanging the key right next to the door. The PLX flake contains its own backstairs problem and actually leaks the encrypted DEK direct from RAM to the host organization. Western Digital's method of updating the firmware on the drives is also vulnerable to attack.

Don't buy a Passport for security

If you desire a secure hard drive, don't buy a WD Passport. Some of these problems might be fixed with firmware updates, only there are multiple enormous security flaws embedded in multiple controllers and firmware. WD might be able to close some of the about egregious leaks, just information technology's unlikely that the drives can be fully patched and secured. It's non articulate how many of these bug affect other vendors, and using an boosted security program, like VeraCrypt, might avert some of them — but the entire point of buying an encrypting hard bulldoze is supposed to exist that these functions are handled in hardware and don't necessitate additional software (or the overhead associated with the aforementioned).