Skip to main content
  1. Home
  2. Computing
  3. News

Encryption on some portable drives proves less secure than you’d expect

Add as a preferred source on Google

Encryption is a hot-button topic at the moment. If you’re a government official, it’s the bane of the intelligence world and a tool for terrorists. If you’re a whistleblower, freedom fighter, or journalist, it can be your lifeline to those that can help you. If you’re just an average citizen, it can be a way to give you a little bit more privacy than the current climate of technology offers.

But some devices that are designed to help Joe Consumer keep his files safe and secure from prying eyes while on the move are far from capable. In fact, some have been found to be easy enough to crack open that they don’t even require a password — making it rather redundant to create and memorize a long and complicated one.

Recommended Videos

This was discovered as part of an investigation by a group of security researchers into the levels of security on portable hard drives like Western Digital’s My Passport and My Book series. It turns out they are very lax, as those looking into it discovered multiple ways that the data could be removed quite painlessly.

Published in a report titled, “got HW crypto? On the (in)security of a Self-Encrypting Drive series,” the results paint a poor picture of Western Digital’s security, but also suggest that the standards within the industry are far from high.

While there are several security measures in place, like locking down the USB connection until a password is entered and salting the password, they don’t go very far in protecting the data. In one case, the random data used for the password hash is taken from the current time on a computer clock, making it very easy to guess. Although as Ars Technica points out, that particular flaw was patched out some time ago, not everyone will have updated their devices.

In another, much more egregious instance, the hash of the default password was found on some drivers when a user-generated code had only been changed once — making it a breeze for security researchers to crack it. Another problem was that some devices allowed for the copying of the password hash off the device, making it possible to crack it away from the drive in question.

In some instances, the Western Digital firmware itself was vulnerable to attack, though this and other problems were less prevalent in newer versions of the drives.

Although this isn’t necessarily an indication of every external drive with automated encryption being poorly protected, it does suggest that claims of high-security on such devices should be taken with a pinch of salt. For those wanting true protection, full-disk encryption is still a much safer bet.

Jon Martindale
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more