Showing posts with label Bypass Security. Show all posts

Wednesday, October 21, 2015

Flaws In Western Digital self-encrypting external hard disk drives could expose user data

Security researchers Gunnar Alendal, Christian Kison and modg examined how WD self-encrypting external hard disks work and discovered design flaws that allow them to decrypt the data without the user's password. The researchers also discovered that the flaws allow them to crack the user password with a brute-force attack.
The researchers easily found design flaws tied to the microchip used to encrypt the user's data.
In some cases, the researchers found that the encryption is performed by the chip that bridges the USB and SATA interfaces. In other cases the encryption is done by the HDD's own SATA controller, with the USB bridge handling only the password validation.
The researchers examined WD external drive models with six different USB bridges from JMicron Technology, Symwave, Initio and PLX Technology. Because the setup differs between the chips, the serious security issues they discovered varied from device to device depending on the implementation, the researchers said in a recently released paper.

How WD Encryption Works

The way encryption works in these drives is that a user-selected password is used to create a key encryption key (KEK). This is a cryptographic hash of the password generated with the SHA256 function.
The KEK is then used to encrypt a separately generated data encryption key (DEK). This encrypted version of the DEK, known as the eDEK, is stored in the USB bridge's EEPROM, in a hidden sector on the hard disk itself or in a special disk region called the service area.
The eDEK is decrypted when the user inputs the correct password in the drive's software that runs on the host computer and the resulting DEK is then used by the chip to perform the encryption and decryption operations on the fly.

Here's the Flaw

For four of the tested USB bridges the researchers found methods of extracting the eDEK, allowing for offline brute-force attacks to guess the KEK and subsequently recover the DEK.
According to the researchers, all WD drives use a hardcoded salt -- a unique string that gets combined with the user-supplied passwords before hashing for added complexity -- and a fixed iteration count for the hashing itself.
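Why the hardcoded salt matters to anyone reviewing such a design, as an added example that is not code from the researchers' paper or from WD firmware: it counts how many drives a single precomputed password-to-KEK table covers when the salt is shared, and when each drive stores its own random salt. The salt value, the iteration counts, the way salt and password are combined, the drive records and the use of PBKDF2 for the hardened variant are all assumptions made for illustration.

```python
import hashlib
import os

# Constructed stand-ins; NOT the salt or iteration count from WD firmware or the paper.
HARDCODED_SALT = b"constructed-fixed-salt"
FIXED_ITERATIONS = 1000
PBKDF2_ITERATIONS = 200_000  # assumed work factor for the hardened variant


def kek_hardcoded_salt(password: str) -> bytes:
    """KEK in the style the article describes: salted, iterated SHA-256.
    How salt and password are combined is an assumption of this example."""
    digest = HARDCODED_SALT + password.encode("utf-8")
    for _ in range(FIXED_ITERATIONS):
        digest = hashlib.sha256(digest).digest()
    return digest


def kek_device_salt(password: str, device_salt: bytes) -> bytes:
    """Hardened variant: the salt is random and stored per device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               device_salt, PBKDF2_ITERATIONS, dklen=32)


def drives_covered_by_one_table(derive, drives, wordlist) -> int:
    """Count drives whose KEK appears in a table built once, for the first drive only.

    derive(password, drive) returns that drive's KEK. Each drive is a dict with
    a 'password' and a 'salt' (hypothetical record layout for this example).
    """
    table = {derive(word, drives[0]) for word in wordlist}
    return sum(derive(d["password"], d) in table for d in drives)


def demo():
    wordlist = ["123456", "password", "letmein"]  # constructed sample
    drives = [{"password": "letmein", "salt": os.urandom(16)} for _ in range(3)]
    shared = drives_covered_by_one_table(
        lambda pw, d: kek_hardcoded_salt(pw), drives, wordlist)
    per_device = drives_covered_by_one_table(
        lambda pw, d: kek_device_salt(pw, d["salt"]), drives, wordlist)
    return shared, per_device


if __name__ == "__main__":
    print(demo())
```

With the shared salt the table built for the first drive matches all three drives; with per-device salts it matches only the drive it was built for, so the work has to be repeated for every drive.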

Attackers could use large collections of common passwords to pre-compute their corresponding KEKs. These could then be used to try to decrypt the extracted eDEKs and ultimately the data stored on the drives. In some cases, however, an attacker does not need a brute-force tool or password guessing to decrypt the data, because the researchers also found authentication flaws in WD external hard drives that gave them backdoor access to the encrypted data.
Of the six chips, one stores the KEK in plain text in its EEPROM, making its recovery easy. In another chip, the KEK was stored in encrypted form, but it was encrypted with a hardcoded key that can also be extracted. For a third chip the KEK can be extracted from RAM using a vendor-specific command.
For one JMicron chip, the researchers managed to use a commercial data recovery tool to delete some bits from a drive's service area, completely unlocking the drive's data. This compromises the encryption without the need to recover any password or KEK.
The firmware update process on the tested hard drives does not use cryptographic signature verification and can therefore be hijacked. This could allow attackers to implant malware inside the firmware to infect host computers or to add cryptographic backdoors. There is no easy way to recover from such firmware modifications, the researchers said.

Friday, October 9, 2015

ESET Disclosed Fake Android Apps That Bypasses Google Play Store Security Check




ESET uncovered fake apps available in the official Google app store. Posing as trendy game cheats, such as Cheats for Pou, Guide for SubWay and Cheats for SubWay, these fake apps were installed more than 200,000 times in a single month, according to ESET security researchers.

The apps deliberately show adverts every 30-40 minutes, disrupting normal use of users’ Android devices.

The fake apps, detected as Android/AdDisplay.Cheastom, deploy various techniques to evade detection by Google Bouncer, the technology Google uses to stop malicious apps from getting into the Google Play store. Additionally, the apps contain self-preservation code to make their removal difficult.

“These aggressive ad-displaying apps plan to hide their capability from security analysts by deploying techniques that succeeded in being downloaded over 200K times during a single month,” said Lukas Stefanko, malware analyst at ESET.

“The anti-Bouncer technique utilized by these apps obtains the IP address of the device and accesses its WHOIS record. If the data that came back contains the string ‘Google’, then the app assumes it's running in Bouncer. When the app detects an emulator or Google Bouncer setting, the ads don't seem to be displayed. Instead, the app will merely give game cheats, obviously.”

ESET notified Google, and these unwanted applications have now been removed from the Google store.

“Although it’s great that Google removed the apps from the Android Google Play store when we enlightened them of the problem, it's clear that a lot of attempts are going to be created to bypass Google Bouncer and spread apps containing undesirable code,” said Stefanko.