Western Digital to buy SanDisk, experts eviscerate WD’s encrypted hard drives
By Joel Hruska
There are two major pieces of news out today about Western Digital,
the hard drive manufacturer and storage giant. First up, the company
has announced it intends to purchase SanDisk, a major manufacturer of
NAND flash and memory cards, for roughly $19 billion. That’s a
15% premium over SanDisk’s current stock price. SanDisk has
reportedly been shopping for a buyer — its growth has lagged
expectations in recent years.
It’s probably a smart move for Western Digital, which has
similarly been facing the inevitable decline of its hard drive business.
I don’t expect HDDs to vanish any time soon — the cost / performance
curve is simply too sexy for low-margin vendors like Dell and HP to
resist, and SSDs that can match HDD storage remain far too expensive to
be directly comparable. 6TB drives can be had for $220, or roughly 3.6
cents per GB, while the 850 Evo 2TB version is currently $750. While
that’s an enormous improvement over prices from years ago, there’s still
a 10x cost gap between HDDs and SSDs.
The threat to Western Digital and other manufacturers, however, is that SSDs could drive down sales of enterprise
drives, which typically sell for far more cash and are far more
lucrative than bottom-end consumer hardware. Snapping up SanDisk gives
WD much-needed expertise in bringing NAND products to market and should
help the company’s efforts to position itself as a premier storage
provider from consumer hardware to enterprise divisions.
WD encryption standards incredibly flawed
Over the past few years, full-disk encryption has become an
increasingly popular way of securing user data. Western Digital
manufactures a line of supposedly secure hard drives meant to aid in
this endeavor, but a new report indicates
that these drives are incredibly flawed, with numerous security bugs.
Oftentimes these reports focus on a single flaw or line of attack, but
that’s not the case here.
All of the Western Digital My Passport drives use a common architecture, as shown below:
The researchers found that WD has used a wide range of USB bridges,
including parts manufactured by JMicron, Symwave, Initio, and PLX. AES
encryption is supported either by the USB bridges or by the SATA
controller itself, though some versions of the drive apparently didn’t offer
hardware AES at all.
Passport drives that use the USB bridge for encryption rely
on either AES-128 or AES-256 to create an encryption key. The
researchers refer to this as the DEK (Data Encryption Key). The DEK is
set at the factory (all of the drives tested used a 256-bit DEK). The
user is then allowed to set an individual password, called the KEK. The
factory-set DEK is itself protected by a static hash value, common to all WD Passport drives, called the KEK8. The KEK8 is hard-coded into the firmware of every drive. Once you’ve cracked one WD Passport, you’ve cracked the DEK on every Passport. The diagram below shows the authentication process.
The encryption mechanism
In cryptography, “salting” a password means adding an
additional string of information to the original password to make it
less vulnerable to dictionary attacks. If the user chooses a password
like “abc12345,” but the system salts it by adding #$X,J, the final hash
value will be computed for “#$X,J,abc12345.” Salting passwords isn’t
bulletproof, but it makes entire groups of passwords more difficult to
crack — if the salt is done correctly.
Unfortunately, Western Digital appears to have salted their
entire Passport line using a constant, hard-coded, three-character salt —
“WDC.” It can’t be changed, under any circumstances.
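The effect of a constant salt, as an added example that is not from the article or the research paper: one lookup table built against the fixed salt applies to every drive, while per-device random salts make that same table useless. PBKDF2 with 1000 iterations is an assumed stand-in for the drives' real key derivation, and the drive records, passwords and wordlist are constructed sample data.

```python
import hashlib
import os

FIXED_SALT = b"WDC"   # the constant salt the article describes
ITERATIONS = 1000     # assumed demo value, not taken from the article


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive a 256-bit key-encryption key from a password and a salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_drive(password: str, per_device_salt: bool) -> dict:
    """Hypothetical drive record: its salt and the key its password yields."""
    salt = os.urandom(16) if per_device_salt else FIXED_SALT
    return {"salt": salt, "kek": derive_key(password, salt)}


def precompute(candidates, salt: bytes) -> dict:
    """Build a derived-key -> password lookup table for ONE salt value."""
    return {derive_key(p, salt): p for p in candidates}


def drives_matched(table: dict, drives) -> int:
    """Count drives whose key already appears in a previously built table."""
    return sum(1 for d in drives if d["kek"] in table)


# Constructed sample data: three drives, two sharing the same weak password.
PASSWORDS = ["abc12345", "abc12345", "correct horse battery staple"]
WORDLIST = ["password", "abc12345", "letmein"]

fixed_fleet = [make_drive(p, per_device_salt=False) for p in PASSWORDS]
salted_fleet = [make_drive(p, per_device_salt=True) for p in PASSWORDS]

# The table is computed once, against the constant salt only.
table = precompute(WORDLIST, FIXED_SALT)

if __name__ == "__main__":
    # With a constant salt, identical passwords give identical keys on
    # different drives, so one table covers the whole product line.
    print("constant salt, drives matched:", drives_matched(table, fixed_fleet))
    # With a random salt per drive, the table would have to be rebuilt
    # for every single device, which is the whole point of salting.
    print("per-device salt, drives matched:", drives_matched(table, salted_fleet))
```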
Hit the DEK
The research team refers to the DEK as the holy grail. An
attacker who gains access to the DEK can bypass the USB bridge and read
the raw data off the drive manually. This requires modifying the drive,
but we’ve seen enough reports on the NSA’s capabilities in the
post-Snowden era to know that this kind of intervention does
occur, at least occasionally. Researchers noted that some of the
critical infrastructure required to make the necessary physical
modifications to the drive is exposed on the HDD PCB itself. This
allowed them to locate where backup copies of the encrypted DEK were
kept and retrieve them. Once the DEK has been copied from the drive, it
can be brute-forced off-site (possibly with considerably more-advanced
computing hardware).
The paper goes on to describe the various attacks made
against each of the drive controllers and models previously listed. Not
every weakness is present in every controller, but every device tested
had enormous security flaws that made it trivial to retrieve critical
data or install so-called “evil maid” attacks. Some drives could be
modified to launch attacks against new targets via malware embedded into
the firmware of the drive itself. There’s also evidence that the Random
Number Generator used in the JMicron models isn’t actually random at
all (that’s another enormous red flag).
One controller, the Symwave 6316, actually saves the KEK with a hardcoded
encryption sequence and stores it on the drive itself. Since the KEK is
used to unlock the DEK, and unlocking the DEK gives you access to every
bit of data on the drive, this is like locking your house and then
hanging the key right next to the door. The PLX chip contains its own
backdoor problem and actually leaks the encrypted DEK directly from RAM
to the host system. Western Digital’s method of updating the firmware on
the drives is also vulnerable to attack.
Don’t buy a Passport for security
If you want a secure hard drive, don’t buy a WD Passport.
Some of these problems might be fixed with firmware updates, but there
are multiple enormous security flaws embedded in multiple controllers
and firmware. WD might be able to close some of the most egregious
leaks, but it’s unlikely that the drives can be fully patched and
secured. It’s not clear how many of these problems affect other vendors,
and using an additional security program, like VeraCrypt, might avoid
some of them — but the entire point of buying an encrypting hard drive
is supposed to be that these functions are handled in hardware and don’t
necessitate additional software (or the overhead associated with the
same).