“After researching the inner workings of some of the numerous models in the My Passport external hard drive series,” the authors wrote, “several serious security vulnerabilities have been discovered, affecting both authentication and confidentiality of user data. We developed several different attacks to recover user data from these password protected and fully encrypted external hard disks. In addition to this, other security threats were discovered, such as easy modification of firmware and on-board software that is executed on the user’s PC, facilitating evil maid and badUSB attack scenarios, logging user credentials and spreading of malicious code.”
Most self-encrypting external USB hard drives consist of a USB bridge and a SATA 2.5” hard drive. Plain-text data from the PC is received by the USB bridge and encrypted prior to being written to the hard drive. Data read from the hard drive is decrypted prior to transmission to the PC. Older products include USB bridges capable of AES hardware encryption. Some newer products perform the encryption within the SATA controller instead of the USB bridge.
AES encryption is simple, especially when implemented in hardware. But, as the old saying goes, the devil is in the details. In the case of self-encrypting drives, those details include how keys are generated, protected, and stored.
In a perfect world, key generation would be truly random. This would force an attacker to search, on average, half the total key space. Long keys, such as those used for 256-bit AES, make this brute-force approach infeasible. However, the authors found that the products used an insecure random number generator seeded with the current time:
“From an attacker’s perspective this allows us to predict the actual seed used in the factory DEK generation setup, as it’s just a function call to time(), which returns a 32-bit UNIX timestamp value. The implication of this is that we never need to brute force the full 32-bit complexity for the seed to srand(). We’ll only brute force possible valid dates. So if we assume My Passport devices with JMS538S chips were starting to ship from factory at around year 2007, we could start at UNIX timestamp 0x45000000 (07 September 2006 11:18:24 UTC) and end at around the current date at UNIX timestamp 0x55000000 (11 March 2015 08:42:40 UTC). This leaves us with only 0x01000000 possible seeds to srand(). This has a complexity of 2^28.
“Another fact that dramatically reduces the possible UNIX timestamp range is the fact that all HDDs are marked with a production date printed on the actual HDD. The factory DEKF must have been generated close to this date. Our test devices show that the factory DEKF set was generated within days after the HDD production date. We did not take advantage of this fact since the complexity of the attack was already easy to handle for all possible timestamps.”
The authors further explained, “The complexity of the attack is so small that we in fact can pre-compute all possible factory generated DEKs, encrypt one 16-byte all-zero block with it and keep a sorted lookup-table with encrypted all-zero blocks and the corresponding seed and RNG index. This will make decryption of any JMS538S device with a vulnerable factory set DEK instant. An attacker only needs to get hold of a single 16-byte encrypted all-zero AES block from the device for instant DEK lookup and decryption of user data. Getting hold of such a block should be simple as most MBR and GPT partition headers contain multiple all-zero 16-byte blocks.”
In other words, the insecure random number generator makes it trivial to decrypt many of these drives. The authors also found several other vulnerabilities.
A good way to protect the master AES key used to encrypt data is to derive a key from the user’s passphrase. When the user enters a passphrase, a key is derived from it, and that key is used to decrypt the master key. “The protection of the DEK on the Symwave 6316 is basically security by obscurity,” the authors wrote, explaining that the key is stored on the hard drive, “protected using a hardcoded AES-256 key…The effect of all of this is that an attacker needs only get hold of the SYMW blob to authenticate and decrypt any user data, regardless of any user password set.”
The authors also found that the drive firmware and the Virtual CD (VCD) image used to deliver the software with which users authenticate to the drive could be replaced with malicious code: “Our research discovered that the firmware and VCD iso that is flashed to the My Passport devices are not digitally signed and revealed the existence of VSCs that can be used to update both the USB bridge firmware and VCD.” This makes a badUSB, Stuxnet-like attack possible.
Consumers and business users must remain cognizant of the fact that not all products offering encryption are created equal. Some products are designed from the ground up to be secure, while others have security features added as an afterthought. When cryptography is required to protect sensitive data, look for products with cryptographic modules validated to the FIPS 140-2 standard.
Have a security question you’d like answered in a future column? Email email@example.com