Your IT Consultant

Western Digital Encryption Doesn’t Protect Your Data

October 22, 2015

It was not a good day for Western Digital when a team of academics published a paper showing how poor the encryption implementation is with some versions of its drives. Ars technica, in addition to others, summarized the findings in a recent post. Essentially, multiple versions of the My Passport and My Book external self-encrypting external drives have flaws that don’t really protect your data. According to Threatpost, the researchers were able to uncover key leaks facilitating brute-force password attacks, discover keys stored on the device that bypass any native security, extract and replace firmware and also found complete backdoors into the devices. The insecure random number generator that was seeded with the computer clock time lowers the protection from 256 bits to 32 bits. Granted 256 bit encryption is pretty poor by today’s standards but it’s eight times better than 32 bits.

There is a solution as the problem exists with drives manufactured from 2007 to 2013. Trash the drives and buy new ones. Perhaps from a different manufacturer?

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com