WD self-encrypted HDDs have security flaws claims report

Western Digital (WD) has a full line of self-encrypting hard drives and a new report has been published that claims these drives are rife with security issues. According to a report written by Gunnar Alendal and Christian Kison from Ruhr-Universitat Bochum, the security issues are so significant that any attacker with physical access can retrieve the data with minimal effort.

The report goes on to claim that in some instances the attackers don't even need to know the decryption password. The weakness is allegedly found in multiple versions of the my Passport and My Book lines of external hard drives. The security issues that the researchers have discovered affect both authentication and confidentiality of user data.

The researchers claim to have developed several attacks that can be used to recover data from the password protected drives. The researchers say that in one case the key was predictable because the random numbers that generated the key were based on the current time on the computer clock. That particular flaw was fixed by WD last year.

In another instance, the researchers were able to get the hash off the encrypted drive and load it onto a computer for cracking off-line. Another flaw is equal to a back door according to the researchers who claim that it could be used to decrypt data without knowing or cracking the password. The drives ship with a default password, but the team found that when the owner has changed the user-defined password only once, the key corresponding to the default password is still on the drive.

SOURCE: ArsTechnica