Slashdot Mirror


Self-Encrypting Western Digital Hard Drives Easy To Crack

New submitter lesincompetent writes: Security researchers have found severe flaws in the encryption methods used in certain hard drives from Western Digital. Quoting the abstract should be enough to show how dire the situation is: "We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials." The paper by Alendal, Kison and modg is available here in PDF format.

74 comments

  1. Ah good - can I get at my backups now? by tebee · · Score: 3, Insightful

    I used an external WD hard drive for my backups, but it decided to not speak to the computer anymore last week. I assume it's the USB interface that has died, as it's no longer recognized by the computer.

    So I pulled the drive out of it and plugged it in as an internal drive to the desktop computer. It could see the drive so it was still working, but it could not recognize the format of it.

    Research showed me that Western Digital use a hardware encryption chip on the driver board to protect user data.

    So if someone steals the hard drive out of my external drive they won't be able to read my data. If, on the other hand, they steal the whole external hard drive, they will have the encryption chip too and can just plug it into their USB and read everything of mine.

    This seems a spectacularly useless feature which just makes life hard for me - but maybe I can fix it now!

    --
    N.B. this user is far too lazy to write a witty and intelligent sig.
    1. Re:Ah good - can I get at my backups now? by inasity_rules · · Score: 1

      Wait... Seriously? There is not even a passcode you need to enter?

      --
      I have determined that my sig is indeterminate.
    2. Re:Ah good - can I get at my backups now? by bloodhawk · · Score: 1

      There is a password, it is just useless. Sounds like the OP doesn't understand what he is seeing though.

    3. Re:Ah good - can I get at my backups now? by Anonymous Coward · · Score: 1

      No, that's not what that is. The cryptography happens on the actual drive, not in the USB-SATA adapter. For several reasons, hard disks have begun using 4K sectors instead of 512B sectors, and USB-SATA adapters have gained the capability of presenting a hard disk with 4K sectors as if it used 512B sectors and vice-versa. If you remove the drive from the enclosure, you see the effect of that remapping that some USB-SATA adapters perform. Suddenly all offsets in partition tables and filesystems are wrong, because they reference a different sector size. To read the data again, you need to put the drive in an enclosure which has a USB-SATA adapter that uses the same mapping. The data on the actual drive is either transparently encrypted or not encrypted at all. Either way, that's not the reason why you can't read the data right now.

    4. Re:Ah good - can I get at my backups now? by Anonymous Coward · · Score: 1

      I should've read the article. There are indeed some WD USB disks where the USB-SATA adapter performs the encryption. Anyhow, if you never installed WD-provided software for your drive and never entered a password, the more likely explanation is still a sector size remapping. Try to read raw sectors from the disk and pipe them through "strings" to see if there is any recognizable content: dd if=/dev/sdx | strings where /dev/sdx is the device name of the disk.

    5. Re:Ah good - can I get at my backups now? by goarilla · · Score: 1

      I usually do xxd /dev/sdx | fgrep 'R.NTFS' to find NTFS drives. But yes, some WD USB disks use the password to encrypt the master key situated on the small adapter card.

    6. Re: Ah good - can I get at my backups now? by Anonymous Coward · · Score: 1

      The USB clip on mine had broken off, which is a common problem. I ordered a new board, but still couldn't read the data. WD is no help of course. This article gives me a bit of hope that all is not lost.

    7. Re:Ah good - can I get at my backups now? by Anonymous Coward · · Score: 0

      Some controllers with encryption support have it always on. The AES blocks are in the IO pipeline and are never (or cannot be) disabled. The key is simply a default value. If you indeed have one of these things, just buy the same controller and connect the drive to it.

    8. Re:Ah good - can I get at my backups now? by goarilla · · Score: 1

      At least that's how I think they do it.

    9. Re: Ah good - can I get at my backups now? by Anonymous Coward · · Score: 0

      He's half right. The chip being referred to definitely exists on some of their portable usb3 externals (the ones where the HDD has a usb3 plug only on its circuit board, no small board you can unplug to reveal a SATA connector). My understanding is that if the controller board on one of them fails a chip has to be moved from the failed board to the new, but I could be wrong.

    10. Re:Ah good - can I get at my backups now? by Anonymous Coward · · Score: 0

      OP has it exactly right.

    11. Re:Ah good - can I get at my backups now? by donaldm · · Score: 1

      > Research showed me that Western Digital use a hardware encryption chip on the driver board to protect user data.

      Basically if your hard drive has failed and if you are a bit worried about it falling into someone's hands if you discard it then the best solution is to destroy the hard disk platter.

      It must be noted that it is only the hard disk that retains all your data even though the electronics may have failed or there are too many bad blocks that the disk is flagged as failed.

      To destroy the hard disk is fairly simple to do, however it is best to wear eye protection just in case. Just undo the four or five screws on top and remove the cover then take a small hammer or other such hard object and strike the platter, it will shatter since it is glass (hence the reason for eye protection). Next dispose of it either by recycling (preferred) or land-fill. Obviously dispose of the electronics and disk shards separately.

      For SSDs you can't go wrong with a sledge hammer although that would work for pretty much all storage devices but it does leave a bit of a mess.

      Basically no organisation or criminal will even attempt to reconstitute your shattered hard disk since it would just about prove impossible to get data off. :-)

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    12. Re:Ah good - can I get at my backups now? by Anonymous Coward · · Score: 0

      So much false stuff being replied here but tebee is right. Even if you never install the WD software, the data on some WD externals is encrypted with default info. You will only know if you separate the HDD from the USB interface. It is not a 4K sector alignment issue as you can see if you hexedit the disk. Jeez.

    13. Re:Ah good - can I get at my backups now? by Anonymous Coward · · Score: 0

      > then take a small hammer or other such hard object and strike the platter, it will shatter since it is glass (hence the reason for eye protection).

      Or just slam the disk drive intact on the floor repeatedly. Since it's glass, you'll hear it shatter.

    14. Re:Ah good - can I get at my backups now? by Anonymous Coward · · Score: 0

      So all those 80 hard drives at work that I had to punch through with a gear-driven steel spike must have been decoys to distract me from the real hard drives. Every single one, at least 4 manufacturers, had metal substrates. (Work has a strict hard drive destruction policy)

      Any "glass" platters you have seen are POSSIBLY ceramic, not plain old silica-based glass.

      Have you actually opened a consumer hard drive lately? What do you think would happen to "glass disks" each time you dropped a laptop a few inches?

    15. Re:Ah good - can I get at my backups now? by Solandri · · Score: 1

      > So I pulled the drive out of it and plugged it in as an internal drive to the desktop computer. It could see the drive so it was still working, but it could not recognize the format of it.
      >
      > Research showed me that Western Digital use a hardware encryption chip on the driver board to protect user data.

      That's probably not the reason. A lot of recent external drives use a proprietary formatting scheme. If you remove the drive from the enclosure and plug it straight into your computer, your computer will not be able to read the data written on it. The computer can use the drive just fine if you reformat it, it just can't read data written on it while it was in the enclosure.

      My guess is this has something to do with the 2 TB limit of MBR partition disks. MBR was the default partitioning format for many versions of Windows. The HDD companies probably didn't want to field tech support calls from people complaining that their 3+ TB external HDD could only be formatted to 2 TB. So they came up with a proprietary hardware controller which allowed MBR disks to have partitions larger than 2 TB; the downside being the data cannot be read if you remove that controller and plug the drive straight into your computer.

    16. Re:Ah good - can I get at my backups now? by fennec · · Score: 1

      I had the same issue with a friend's WD essential. I tried many things, I eventually managed to reflash the firmware with an older version of the update program, and it showed up after replugging it. I then saved all the content to another drive.
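
The thread above gives two explanations for a drive that becomes unreadable outside its enclosure: the bridge addressed it in 4K sectors, or the bridge encrypted it. This Python sketch is an added example, not code from the thread or the paper; it extends the `dd | strings` and `xxd | fgrep` checks by looking for MBR, GPT and filesystem signatures under both 512- and 4096-byte addressing and measuring entropy. The sample images, the helper names and the 7.5 bits/byte threshold are constructed assumptions.

```python
import hashlib
import io
import math
import struct
import sys
from collections import Counter

SECTOR_SIZES = (512, 4096)          # addressing units to try for every LBA
FS_MAGIC = [                        # (name, offset inside boot sector, magic)
    ("NTFS", 3, b"NTFS    "),
    ("exFAT", 3, b"EXFAT   "),
    ("FAT32", 82, b"FAT32   "),
]


def entropy(buf):
    """Shannon entropy in bits per byte; close to 8.0 means random-looking."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def read_at(f, offset, size):
    f.seek(offset)
    return f.read(size)


def mbr_starts(sector0):
    """Start LBAs of non-empty MBR partition entries, or None without 0x55AA."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        return None
    starts = []
    for i in range(4):
        ptype = sector0[446 + 16 * i + 4]
        lba = struct.unpack_from("<I", sector0, 446 + 16 * i + 8)[0]
        if ptype and lba:
            starts.append(lba)
    return starts


def triage(f, sample_size=1 << 20):
    """Classify the start of a raw disk opened read-only as a binary file."""
    starts = mbr_starts(read_at(f, 0, 512))
    # The GPT header sits in LBA 1, so its byte offset equals the sector size.
    gpt = [ss for ss in SECTOR_SIZES if read_at(f, ss, 8) == b"EFI PART"]
    found = []
    for lba in starts or []:
        for ss in SECTOR_SIZES:     # same LBA, two possible byte offsets
            boot = read_at(f, lba * ss, 512)
            for name, off, magic in FS_MAGIC:
                if boot[off:off + len(magic)] == magic:
                    found.append((name, lba, ss))
    h = entropy(read_at(f, 0, sample_size))
    sizes = {ss for _, _, ss in found} | set(gpt)
    if 4096 in sizes:
        verdict = "plaintext, addressed in 4096-byte sectors by the bridge"
    elif 512 in sizes:
        verdict = "plaintext, native 512-byte addressing"
    elif h > 7.5:                   # assumed threshold
        verdict = "no structure, random-looking: likely encrypted"
    else:
        verdict = "inconclusive"
    return {"mbr": starts is not None, "gpt": gpt, "filesystems": found,
            "entropy": round(h, 2), "verdict": verdict}


def sample_plain(sector_size, start_lba=256):
    """Constructed image: MBR plus one NTFS boot sector whose start LBA is
    counted in sector_size units, as a bridge reporting that size would see it."""
    base = start_lba * sector_size
    img = bytearray(base + 512)
    struct.pack_into("<B3xB3xII", img, 446, 0x80, 0x07, start_lba, 2048)
    img[510:512] = b"\x55\xaa"
    img[base:base + 11] = b"\xeb\x52\x90NTFS    "
    img[base + 510:base + 512] = b"\x55\xaa"
    return io.BytesIO(bytes(img))


def sample_random(size=1 << 18):
    """Constructed stand-in for ciphertext: a deterministic SHA-256 stream."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest()
              for i in range(size // 32))
    return io.BytesIO(b"".join(blocks))


if __name__ == "__main__":
    if len(sys.argv) > 1:           # path to an image file or block device
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh))
    else:
        for label, img in (("4K-addressed", sample_plain(4096)),
                           ("512-addressed", sample_plain(512)),
                           ("random", sample_random())):
            print(label, triage(img))
```

An "inconclusive" result does not rule out encryption: a cipher mode that maps equal plaintext blocks to equal ciphertext blocks leaves zero-filled regions with low byte entropy.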

  2. Any use of this? by Anonymous Coward · · Score: 1

    I always thought that encryption should be handled by the OS -- not the drive, and that these "encrypting hard drives" are a gimmick to add one bullet point to the retail box and lure non-technical buyers.

    1. Re:Any use of this? by e70838 · · Score: 4, Insightful

      Hardware encryption is also a way to fight against open source. First, special drivers have to be developed to handle the features. Second, it suggests that the encryption is handled by the hardware and that there is no benefit in having the OS providing better encryption.

    2. Re:Any use of this? by aaaaaaargh! · · Score: 1

      Encryption at the hard drive level would be vastly superior to any encryption by the OS, if it was done correctly and with tamper-resistant chips. However, history has shown that dedicated hardware encryption devices for the consumer market practically always contain backdoors or ridiculous weaknesses. Practically always, if not always. Even expensive professional devices are only moderately trustworthy (see e.g. the "Crypto AG" story), most "professional" encryption based on closed source software or hardware is snake oil anyway. Still, it could be done in a way that is much more secure than what operating systems can offer.

      If companies had a real interest in security, they would first and foremost include reliable wiping functions into their hardware. But I know of no storage device with such functionality.

    3. Re:Any use of this? by Anonymous Coward · · Score: 0

      > Encryption at the hard drive level would be vastly superior to any encryption by the OS, if it was done correctly and with tamper-resistant chips.

      Why tamper-resistant? Two options:

      a) To prevent people from getting the algorithm. This is known in security circles as "security by obscurity". All algorithms have bugs, and hiding the bugs only gives you a limited time until the bugs become known. Good algorithms have been looked over by hundreds of researchers, and all the bugs found have been fixed.

      or

      b) To protect the key. This means that if you steal the hardware, you have both the ciphertext and the key. The only time the encryption is going to stop anyone, is when the encryption chip forgets the key and the legitimate user can't get to his data (happens all the time). The criminal will just let the chip decrypt the data as usual.

      To be secure, the key needs to be externally provided, and this needs OS support (unless you are going to add a keypad to the hard drive). In that case, since the algorithm needs to be open, and the key is only stored in RAM, you have no use for the tamper resistant chip. How to secure the key is up to the owner of the system, it could be an encrypted file on the boot drive, it could be generated directly from a pass phrase, or it could be stored on an external device only plugged in at boot.

    4. Re:Any use of this? by Anonymous Coward · · Score: 0

      What I had in mind was more something like cold boot attacks, hot swapping of the drive without interrupting its power supply, and tampering with the hardware without the user knowing. The key should be kept reasonably secure in drive memory while it is operating.

      If you allow the operating system to manage the key and/or passphrase entry, a hardware device offers no additional security.

    5. Re:Any use of this? by cfalcon · · Score: 1

      Pls mod up. It gains the illusion of security at the expense of actual security. Every abstraction layer that can peek into owner-controlled space (such as a physical device that can read RAM without being gated by the CPU) hurts your actual real audited software encryption. Every layer that offers hidden encryption, (such as hardware, especially hardware that gets to vet or view the output of a user controlled CPU, or hardware that sits below the owner controlled opcodes, such as a soft-updateable CPU "firmware") is full of accidental or purposeful backdoors, and reduces the ability to actually run owner-controlled programs in the first place.

    6. Re:Any use of this? by cfalcon · · Score: 1

      An open piece of hardware that behaves in an owner-controlled way would be no different than your CPU. But repeatedly and endlessly, this is never what we see.

    7. Re:Any use of this? by Anonymous Coward · · Score: 0

      Even if the hardware is open and behaves correctly, wouldn't the dollar amount spent on the extra hardware be better spent on a better CPU, where the extra computing power can be used for disk encryption and other things?

    8. Re:Any use of this? by JesseMcDonald · · Score: 1

      > If you allow the operating system to manage the key and/or passphrase entry, a hardware device offers no additional security.

      As far as I can tell, the only additional security you might get from implementing the encryption in the hardware is that since disabling the drive encryption without losing data requires the lengthy step of rewriting all the data on the drive, it becomes harder to exfiltrate cleartext by writing it to the hard drive unencrypted. As attacks go, this isn't a very likely one; it still requires the attacker to gain physical access to the drive, when they probably have much better ways to get data off a running system. Apart from that, the OS (and thus any sufficiently privileged malware) already has direct access to all the decrypted data on the drive, so in that respect it's no different from doing the encryption in software. The OS has the additional ability to tie the encryption to a hardware security module if one is available, meaning that the drive cannot be removed from the system and decrypted offline without brute-forcing a key much longer than a typical password.

      Built-in hard disk encryption is a performance optimization at most. In exchange for that small performance boost, you get attempts at security-through-obscurity with encryption-defeating bugs like the one in this article baked into the drive's firmware.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
    9. Re:Any use of this? by WorBlux · · Score: 1

      How do you even know your software encryption program is actually unmodified and not modified or spied upon by parts of the OS modified to be malicious? Unless you air-gap the computer (and even that sometimes isn't enough (high-frequency listening implanted in the firmware)) and keep it in a tamper-evident pouch when you aren't using it? Otherwise, at minimum you need a verified boot chain and a cryptographically signed file-system. Yes the keys should be owner accessible or replicable, but unfortunately such systems rarely pass the grandma test.

    10. Re:Any use of this? by WorBlux · · Score: 1

      How many 128-bit keys can you memorize?

    11. Re:Any use of this? by nedlohs · · Score: 1

      All of them,

  3. TrueCrypt by dinfinity · · Score: 3, Informative

    I bought one of the WD Passport drives, but I immediately decided that I didn't want to rely on a harddisk manufacturer for security and encryption (or deal with potentially very crappy software).

    So I just created a TrueCrypt partition and now sometimes deal with the very slight inconvenience of having to mount it (and with the risk that TC has actually become less safe than the alternatives, of course).

    1. Re:TrueCrypt by OzPeter · · Score: 1

      Unless you thoroughly reviewed and independently tested TrueCrypt all you seem to have done is to exchange one set of assumptions for another (and you also allude to the fact that you have no idea as to the quality of TrueCrypt.)

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:TrueCrypt by GameboyRMH · · Score: 1

      Why haven't you moved to VeraCrypt yet?

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    3. Re:TrueCrypt by Sumus+Semper+Una · · Score: 1

      > Unless you thoroughly reviewed and independently tested TrueCrypt all you seem to have done is to exchange one set of assumptions for another (and you also allude to the fact that you have no idea as to the quality of TrueCrypt.)

      Unless you have the time and the background to understand each choice you will ever be given, you're going to have to make some assumptions in life. Does it not make more sense to assume that well known software whose sole purpose is encryption might be better than software added on by a manufacturer who is not necessarily well known to be knowledgeable in encryption practices?

    4. Re:TrueCrypt by OzPeter · · Score: 1

      > Does it not make more sense to assume that well known software whose sole purpose is encryption might be better than software added on by a manufacturer who is not necessarily well known to be knowledgeable in encryption practices?

      I think you are trying for a definition of irony here - countering my assertions on the unknown state of knowledge when applying assumptions - with an assumption.

      --
      I am Slashdot. Are you Slashdot as well?
    5. Re:TrueCrypt by Anonymous Coward · · Score: 0

      I did exactly what you did with a new 2 TB portable Western Digital hard drive that I bought several months ago.

      Never ever trust a closed source proprietary bullshit crypto implementation...

    6. Re:TrueCrypt by dinfinity · · Score: 2

      I don't really trust VeraCrypt yet.

      Last time I checked, it was a product of just one French guy who may not even have a very, very solid understanding of cryptography. Even if he's not malicious, his well-intended changes might be making the product worse rather than better.

      I'll reevaluate it at some point in the near future, however.

    7. Re:TrueCrypt by dinfinity · · Score: 2

      Your logic is flawed. Just because something is an assumption doesn't mean it is as unreliable as any other assumption.

      Honestly, do you not see the stupidity of trying to lecture me on a decision that has already proven to be the right one and the irony of doing so in the comments on an article that actually provides that proof?
      WD's products have proven to suck at cryptography and security. TC has not (yet).
      WD makes harddisks. TC is a product aimed 100% at cryptography and security.

      Lumping them both together and implying they are equally unreliable because I haven't done an audit of the code of TC is retarded. Don't force your point of 'nothing is ever completely secure' into this. We know it isn't, yet we still have to try to choose the best of the imperfect options.

    8. Re:TrueCrypt by OzPeter · · Score: 1

      So when did you come to the realization that WD cryptography is crap? Was it before this report came out? Or are you only jumping on the bandwagon now and post hoc claiming the validity of your decision?

      Prior to this report you'd think that it was a reasonable assumption that a company with a $17B market cap could hire as many cryptography experts as they wanted to work on their products rather than pass it off to the current intern. But no, your decision was not based on any facts but rather an emotional response to your beliefs of the relative merits of each product. That you made a decision that coincidentally bears out your emotional bias against WD does not negate the fact that an assumption is an unknown and you can't know an unknown, and you did trade one unknown for another.

      And in fact you even agree with me when you keep saying that TrueCrypt has not been proven to suck (yet). If you have such faith in TrueCrypt, why do you feel the need to qualify it? Or are you unconsciously admitting that your knowledge about the quality of TrueCrypt is incomplete and you are making an assumption of its fitness of use?

      --
      I am Slashdot. Are you Slashdot as well?
    9. Re:TrueCrypt by Anonymous Coward · · Score: 0

      I did exactly the same thing.
      I only got this drive because it was dirt cheap, I never wanted their crypto. Now as it turns out you can disable the custom firmware by desoldering or bypassing one EEPROM chip [section 3.1.1 of the pdf]. This will make it a dumb SATA to USB bridge which is exactly what I want. Looking forward to it.

    10. Re:TrueCrypt by Anonymous Coward · · Score: 0

      I came to that realization a year before report came out after reading some posts on forensics forums where people were dealing with hidden partition on drives... No I won't bother finding the links now.

    11. Re:TrueCrypt by Anonymous Coward · · Score: 0

      I am not aware of any crypto bugs for TrueCrypt when used to encrypt/decrypt data drives. I'm still using it in that mode and not planning to switch.
      Most of the critical bugs are for Windows version when dealing with encryption/decryption of OS drive, i.e. bugs in bootloader, or drivers.

    12. Re:TrueCrypt by dinfinity · · Score: 2

      > Was it before this report came out? Or are you only jumping on the bandwagon now and post hoc claiming the validity of your decision?

      No. I made the decision for the reason I mentioned. My experience with most manufacturers doing things that are outside of their core business is that those things tend to suck (badly).

      > Prior to this report you'd think that it was a reasonable assumption that a company with a $17B market cap could hire as many cryptography experts as they wanted to work on their products rather than pass it off to the current intern. But no, your decision was not based on any facts but rather an emotional response to your beliefs of the relative merits of each product.

      It is irrelevant how many experts they could hire. It is relevant how many experts they probably would hire. They know fuck-all about cryptography and security and are very probably not going to understand how much time and effort is required to do them right. I also don't believe they care enough about doing it right. It's more of an us-too feature than a USP.

      > But no, your decision was not based on any facts but rather an emotional response to your beliefs of the relative merits of each product. That you made a decision that coincidentally bears out your emotional bias against WD does not negate the fact that an assumption is an unknown and you can't know an unknown, and you did trade one unknown for another.

      Fuck you and your strawmen. I already told you that assumptions are not interchangeable (as you imply) and why in this case one assumption specifically is not the other. If you don't have the decency to respond to that, then fuck you.

      > If you have such faith in TrueCrypt, why do you feel the need to qualify it? Or are you unconsciously admitting that your knowledge about the quality of TrueCrypt is incomplete and you are making an assumption of its fitness of use?

      And fuck you again. I never said that I have 'such faith in TrueCrypt' and have clearly and repeatedly indicated from the start that I am aware that it is not perfectly trustworthy. So no, I am not 'unconsciously' admitting shit.

      Just accept that you were unjustly talking shit and go away. You're trying to hold on to a very weak and worthless position.

  4. Do not trust firmware or embedded hardware by gweihir · · Score: 4, Interesting

    The researchers managed to break in because of gross design and implementation errors. Even venerable and well-known (and utterly stupid) faults like low-entropy key generation make several appearances, as do possibilities to simply read keys from EEPROM or disk or keys encrypted with a static key and stored on the device itself without the need to do so. The only valid conclusion is that none of the "engineers" involved have any reasonable level of experience and knowledge as to how to implement cryptography right. As a consequence they all fail.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Do not trust firmware or embedded hardware by goarilla · · Score: 1

      I wonder if the same people implement their Enterprise SED schemes.

    2. Re:Do not trust firmware or embedded hardware by gweihir · · Score: 1

      Probably. Nobody is going to analyze these anyways, far too expensive. And why have a second design team when you already have one that does fine work?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Do not trust firmware or embedded hardware by fuzzyfuzzyfungus · · Score: 1

      They may or may not have any better people on the job; but 'enterprise' SED usually means 'TCG Opal Compliant', which would require a different implementation than the drives described here. I don't know how well that spec prevents shoddy implementations; but it involves a bunch of standardized interaction between the drive, OS/driver, and TPM; while the 'encryption' here is purely between WD's lousy software and their dodgy little USB/SATA bridge chip.

      I don't know how much better the situation is or isn't; but it's unlikely that they were able to reuse too much.

    4. Re:Do not trust firmware or embedded hardware by swb · · Score: 1

      I would think that encryption at the OS level would be a safer concept anyway. It's closer to where the data is actually used and generated and guarantees that the data is encrypted no matter what device a given system is writing to.

      It's not hard to see situations where an OS is moved to other hardware or backing storage is changed. Relying on encrypted disks providing that suddenly means it's unencrypted.

    5. Re:Do not trust firmware or embedded hardware by GrumpySteen · · Score: 2

      > The only valid conclusion is that none of the "engineers" involved have any reasonable level of experience and knowledge as to how to implement cryptography right.

      Hooray for outsourcing engineering to the lowest bidder from India!

    6. Re: Do not trust firmware or embedded hardware by bill_mcgonigle · · Score: 1

      > The only valid conclusion is that none of the "engineers" involved have any reasonable level of experience and knowledge as to how to implement cryptography right. As a consequence they all fail.

      Generally speaking, everybody gets crypto wrong. The factors that we can control are how many people are looking at the code and how good is the reputation of the authors.

      Who wrote the WD firmware? A low bidder anonymous tech firm? An intern working on reference demo code?

      Smart people will run LUKS on their drives or Veracrypt (or even Bitlocker) on their drives. If WD were smart they'd just OEM Veracrypt for the "Home Edition" users and ship cheaper drives - only in a synthetic benchmark could this approach be worse than all the others.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    7. Re:Do not trust firmware or embedded hardware by aaaaaaargh! · · Score: 1

      Encryption at the OS level is very insecure, because common operating systems are very insecure.

      But I agree that in the end the difference doesn't matter, since the only secure hardware encryption would be an external drive with independent key entry, i.e. an external drive with its own keypad. Why use a hardware device if a simple keystroke logger is enough to "break the encryption"?

    8. Re: Do not trust firmware or embedded hardware by Anonymous Coward · · Score: 0

      Given that WD could easily ship on-board LUKS or True/Vera crypt derived software, and they choose not to at higher initial cost, lower security, higher long term cost, and less user trust...

    9. Re:Do not trust firmware or embedded hardware by Anonymous Coward · · Score: 0

      > The only valid conclusion is that none of the "engineers" involved have any reasonable level of experience and knowledge as to how to implement cryptography right.

      In these post-Snowden times you're not showing nearly enough scepticism. It's at least equally as valid a conclusion that this is all deliberate, done to provide NSA & friends with an easy way in but with the plausible deniability of blaming a poor quality engineer or a slip-up in the QA process if discovered.

    10. Re:Do not trust firmware or embedded hardware by gweihir · · Score: 1

      It would be different, yes. But if the same clueless people did it, I have no doubt they found ways to screw it up.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Do not trust firmware or embedded hardware by gweihir · · Score: 1

      At the same time, your argument is completely irrelevant as this is only about protecting data-at-rest, i.e. the OS does the encryption, but it is not running at attack time. Unless the OS screws up the encryption itself, it will be secure.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    12. Re:Do not trust firmware or embedded hardware by gweihir · · Score: 1

      Or China. I once was on the phone with a crypto-implementer in China for a very well known US company, and I had to explain basic encryption concepts to him.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    13. Re:Do not trust firmware or embedded hardware by gweihir · · Score: 1

      The NSA is mostly signals intelligence. The attacks here are for physical access to the unplugged device. This does not fit.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    14. Re:Do not trust firmware or embedded hardware by Anonymous Coward · · Score: 0

      > At the same time, your argument is completely irrelevant as this is only about protecting data-at-rest

      Uhm, no, you've just made that up.

    15. Re:Do not trust firmware or embedded hardware by silas_moeckel · · Score: 1

      But I am sure his resume said he had decades of experience and several PhDs in the subject even though he was only 25.

      --
      No sir I dont like it.
    16. Re:Do not trust firmware or embedded hardware by Anonymous Coward · · Score: 0

      It absolutely fits. When the CIA or military comes into possession of a physical hard drive with strongly encrypted contents, who do you think they're going to ask to decrypt it? You think we maintain one organization for breaking encryption on physical media, and another organization for breaking encryption securing wire and radio communications? The overlap is nearly perfect. I'm sure there are different groups which specialize in this, but I'm equally sure they both operate within the NSA.

      The NSA works hand-in-hand with the CIA and DIA.

      If the question was whether the FBI maintained a parallel program to develop these skills, then I'm sure that they do, at least on paper.

  5. American brands by Anonymous Coward · · Score: 0

    have always been weak and compromised like this. Stick to the Japanese brands. Yes, they are slightly more expensive, but they are secure, and as tests have clearly shown they are considerably more rugged and with a longer life-span.

    1. Re:American brands by cfalcon · · Score: 1

      Given that all brands are generally manufactured in similar facilities (down to the fact that when there was a tsunami in one specific area, ain't nobody shipping shit for months), why do you think this? Can you link to something?

  6. Business as usual by UberVegeta · · Score: 2

    "Quoting the abstract should be enough" Business as usual on /. then.

    --
    I knew I needed to stop reading Slashdot and finish my PhD when I started to miss articles by Bennett Haselton.
  7. What good are these things? by Anonymous Coward · · Score: 0

    Can anyone think of a case where the encryption on these drives is somehow useful to the owner?

    If the owner isn't in control of the key, then it seems to have a best case scenario of being completely useless, and the average case would have negative value.

    If it's not good for security, and it's not good (actually: bad) for reliability, then what's it good for?

    1. Re:What good are these things? by Solandri · · Score: 1

      Can anyone think of a case where the encryption on these drives is somehow useful to the owner?

      They're used on corporate laptops where sensitive data is stored on the HDD, in case the laptop is lost or stolen. Even if the laptop is protected by a BIOS password and a Windows password, someone can still remove the HDD, connect it to a different computer, and access the data that way. Encrypting the HDD prevents that mode of attack.

    2. Re:What good are these things? by Anonymous Coward · · Score: 0

      Does this hardware feature exist because Windows is lacking built-in full-disk encryption? That's a feature corporate users have needed forever, and what is Microsoft working on instead? UI redesigns nobody asked for?

  8. NopeNopeNopeNope... by Aaden42 · · Score: 2

    From TF-PDF:

    These hard drives comes pre-formatted, pre-encrypted

    So WD by definition knew the AES key the drive was encrypted with. Even if they did everything else perfectly (which they clearly didn't), somebody besides you knew the key. Fail...

  9. Shocking news by JustAnotherOldGuy · · Score: 3, Insightful

    "...several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials."

    I know I'm simply stunned by this hard-to-believe finding.

    It's almost like somebody somewhere intended for the drive to be able to be read in spite of all the super-duper-mega-awesome data protection whatchamacallit stuff.

    Either that or all of the engineers at Western Digital involved in designing this thing are utter morons who have no idea what they're doing.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Shocking news by moneybabylon · · Score: 0

      "Never attribute to malice that which is adequately explained by stupidity."

    2. Re:Shocking news by antdude · · Score: 1

      Most likely "Either that or all of the engineers at Western Digital involved in designing this thing are utter morons who have no idea what they're doing."

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  10. No thanks by Anonymous Coward · · Score: 0

    I'll let my OS handle my encryption, but thanks anyway.

    I'm leery enough putting data in LUKS containers (a complex piece of software that I have only a basic understanding of, and skimming the source does little to improve that understanding) and relying on onboard AESNI acceleration (built into the chip, so I have about zero control over that shit) to speed it up, so I don't need or want a vendor making their own half-assed attempt at trying to keep my data "safe".

  11. NSA Has Leverage by Anonymous Coward · · Score: 0

    Should anybody be the least bit surprised? The NSA has incredible leverage here.

    NSA: We'd like you to not put too much effort into your encryption features.
    WD: Why would we do that?
    NSA: You'll do it if you want our $100 million contract to supply hard drives to our massive data centers.

    The NSA has been doing this with telecom companies for decades. And they probably buy enough equipment to be able to manipulate _all_ the hard drive vendors this way. Plus, unlike with routers or other similar hardware or services, subverting hard drive encryption won't have much of a negative impact on public security, and none with respect to network security. Hard drive encryption is only useful for preventing physical attack, but in the vast majority of cases the physical attackers will be the gov't, not criminal syndicates or hackers.