Skip to main content
  1. Home
  2. Computing
  3. News

Encryption on some portable drives proves less secure than you’d expect

Jon Martindale
By

western digital encryption flaws mypassport
Image used with permission by copyright holder
Encryption is a hot-button topic at the moment. If you’re a government official, it’s the bane of the intelligence world and a tool for terrorists. If you’re a whistleblower, freedom fighter, or journalist, it can be your lifeline to those that can help you. If you’re just an average citizen, it can be a way to give you a little bit more privacy than the current climate of technology offers.

But some devices that are designed to help Joe Consumer keep his files safe and secure from prying eyes while on the move are far from capable. In fact, some have been found to be easy enough to crack open that they don’t even require a password — making it rather redundant to create and memorize a long and complicated one.

Recommended Videos

This was discovered as part of an investigation by a group of security researchers into the levels of security on portable hard drives like Western Digital’s My Passport and My Book series. It turns out they are very lax, as those looking into it discovered multiple ways that the data could be removed quite painlessly.

Related

Published in a report titled, “got HW crypto? On the (in)security of a Self-Encrypting Drive series,” the results paint a poor picture of Western Digital’s security, but also suggest that the standards within the industry are far from high.

While there are several security measures in place, like locking down the USB connection until a password is entered and salting the password, they don’t go very far in protecting the data. In one case, the random data used for the password hash is taken from the current time on a computer clock, making it very easy to guess. Although as Ars Technica points out, that particular flaw was patched out some time ago, not everyone will have updated their devices.

In another, much more egregious instance, the hash of the default password was found on some drivers when a user-generated code had only been changed once — making it a breeze for security researchers to crack it. Another problem was that some devices allowed for the copying of the password hash off the device, making it possible to crack it away from the drive in question.

In some instances, the Western Digital firmware itself was vulnerable to attack, though this and other problems were less prevalent in newer versions of the drives.

Although this isn’t necessarily an indication of every external drive with automated encryption being poorly protected, it does suggest that claims of high-security on such devices should be taken with a pinch of salt. For those wanting true protection, full-disk encryption is still a much safer bet.

Editors' Recommendations

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
How to draw on Google Docs to add doodles, sketches, and more
The Google Play Store, YouTube, and Google Docs installed on an Amazon Fire Max 11.

Word processing software isn’t the kind of tool that most users would consider exciting, which is why we’re glad to see companies like Google adding a little flair to its own products. We’re talking about Google Docs, a free-to-use word processor that’s part of your larger Google Account ecosystem. Basic formatting options and other familiar word processing functions are front and center on Google Docs, but the ability to add doodles, sketches, and other entertaining media to your next Docs file requires a special bit of know-how.

Read more
AMD’s upcoming APUs might destroy your GPU
AMD CEO Lisa Su holding an APU chip.

The spec sheets for AMD's upcoming APU lineups, dubbed Strix Point and Strix Halo, have just been leaked, and it's safe to say that they're looking pretty impressive. Equipped with Zen 5 cores, the new APUs will find their way to laptops that are meant to be on the thinner side, but their performance might rival that of some of the best budget graphics cards -- and that's without having a discrete GPU.

While AMD hasn't unveiled Strix Point (STX) and Strix Halo (STX Halo) specs just yet, they were leaked by HKEPC and then shared by VideoCardz. The sheet goes over the maximum specs for each APU lineup, the first of which, Strix Point, is rumored to launch this year. Strix Halo, said to be significantly more powerful, is currently slated for a 2025 release.

Read more
Hyte made me fall in love with my gaming PC all over again
A PC built with the Hyte Nexus Link ecosystem.

I've never seen anything quite like Hyte's new Nexus Link ecosystem. Corsair has its iCue Link system, and Lian Li has its magnetic Uni system, and all three companies are now offering ways to tie together your PC cooling and lighting devoid of extraneous cables. But Hyte's marriage of hardware, software, and accessories is in a league of its own -- and it transformed my PC build completely.

I've been using some of the foundational components of the ecosystem for about a week, retailoring a build inside of Hyte's own Y40 PC case to see how the system works. It doesn't seem too exciting at first -- Hyte released an all-in-one (AIO) liquid cooler, some fans, and a few RGB strips, who cares? But as I engaged more with the Nexus Link ecosystem, I only became more impressed.
It all starts with the cooler

Read more