AliceKlaar
Active Member
- Reaction score
- 119
TL / DR
Western Digital self-encrypting hard drives suffer from having an extractable AES key that can be used to decrypt all data.
Gunnar Alendal, Christian Kison & modg published (28 Sep 2015) research into Western Digital self-encrypting hard drive series "My Passport" / "My Book". These devices researched use HW AES encryption
Discovered multiple vulnerabilities, including:
* Multiple authentication backdoors, bypassing password authentication
* AES factory key recovery attacks, exposing user data on all affected devices, regardless of user password
* Exposure of HW PRNGs used in cryptographic contexts
* Unauthorized patching of FW, facilitating badUSB/evil-maid attacks
Presentation slides, based on research paper:
http://hardwear.io/wp-content/uploads/2015/10/got-HW-crypto-slides_hardwear_gunnar-christian.pdf
Full paper vailable at Cryptology ePrint Archive: https://eprint.iacr.org/2015/1002.pdf
International Association for Cryptologic Research site www.IACR.org
Western Digital self-encrypting hard drives suffer from having an extractable AES key that can be used to decrypt all data.
Gunnar Alendal, Christian Kison & modg published (28 Sep 2015) research into Western Digital self-encrypting hard drive series "My Passport" / "My Book". These devices researched use HW AES encryption
Discovered multiple vulnerabilities, including:
* Multiple authentication backdoors, bypassing password authentication
* AES factory key recovery attacks, exposing user data on all affected devices, regardless of user password
* Exposure of HW PRNGs used in cryptographic contexts
* Unauthorized patching of FW, facilitating badUSB/evil-maid attacks
Presentation slides, based on research paper:
http://hardwear.io/wp-content/uploads/2015/10/got-HW-crypto-slides_hardwear_gunnar-christian.pdf
Full paper vailable at Cryptology ePrint Archive: https://eprint.iacr.org/2015/1002.pdf
International Association for Cryptologic Research site www.IACR.org
