DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 16, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 189 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

WD self-encrypting HDDs are surprisingly easy to crack

Posted on Wednesday, October 21 2015 @ 12:55:30 CEST by


Security researchers took a look at some popular self-encrypting consumer HDDs from Western Digital and found they're riddled with security issues that make it easy for someone to retrieve your data, sometimes even without having to crack your password:
The paper, titled got HW crypto? On the (in)security of a Self-Encrypting Drive series, recited a litany of weaknesses in the multiple versions of the My Passport and My Book brands of external hard drives. The flaws make it possible for people who steal a vulnerable drive to decrypt its contents, even when they're locked down with a long, randomly generated password. The devices are designed to self-encrypt all stored data, a feature that saves users the time and expense of using full-disk encryption software.

"After researching the inner workings of some of the numerous models in the My Passport external hard drive series, several serious security vulnerabilities have been discovered, affecting both authentication and confidentiality of user data," the researchers wrote. "We developed several different attacks to recover user data from these password protected and fully encrypted external hard disks."
The full 36-page report can be found over here. Users wishing to securely encrypt a HDD are recommended to opt for software from provides with a longer track record like Symantec, which acquired PGP's Full Disk Encryption.

Source: ARS Technica



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba