Self-Encrypting Western Digital Hard Drives Easy To Crack

New submitter lesincompetent writes: Security researchers have found severe flaws in the encryption methods used in certain hard drives from Western Digital. Quoting the abstract should be enough to show how dire the situation is: "We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials." The paper by Alendal, Kison and modg is available here in PDF format.

Do not trust firmware or embedded hardware

[gweihir]

The researchers managed to break in because of gross design and implementation errors. Even venerable and well-known (and utterly stupid) faults like low-entropy key generation make several appearances, as do possibilities to simply read keys from EEPROM or disk or keys encrypted with a static key and stored on the device itself without the need to do so. The only valid conclusion is that none of the "engineers" involved have any reasonable level of experience and knowledge as to how to implement cryptography right. As a consequence they all fail.