Latest News

An error occured during creating the thumbnail.

Centrify working with Google on Android for Work security

21st October 2015  | Technology

Information security firm Centrify is working with Google to deliver integrated identity and mobile management for Android for Work. Centrify will also deliver single sign-on (SSO) and multi-factor authentication (MFA) for Chromebooks and shared account password management and auditing of privileged users for Google Compute Engine’s virtual servers, and enhanced user provisioning for Google Apps. As companies…

An error occured during creating the thumbnail.

Support scams previously targeting Windows users now targeting Mac users instead

21st October 2015  | Latest News Technology

Mac users are finding themselves on the receiving end of a scheme that previously scammed Windows users out of hundreds of pounds. Remote scammers have been targeting Mac users by sending users fraudulent notifications alerting them to apparent compromises in their system’s security. Users are then directed towards a remote assistance service, which mimics the legitimate Apple services…

An error occured during creating the thumbnail.

Researchers find ‘several serious security vulnerabilities’ in self-encrypting hard drives

21st October 2015  | Latest News Technology

A popular brand of self-encrypting external hard drives contains serious security vulnerabilities permitting attackers easy access to the data it stores. The external hard drives are designed to automatically encrypt all stored data, saving users the time and effort required for full-disk encryption. However, researchers Gunnar Alendal and Christian Kison discovered “backdoors on some of these devices,…

  • 1
  • 2
  • 3

Researchers find ‘several serious security vulnerabilities’ in self-encrypting hard drives

Share on Facebook0Tweet about this on Twitter0Share on LinkedIn0Share on Google+0Share on Reddit0Share on StumbleUpon0Share on Tumblr0Email this to someone

A popular brand of self-encrypting external hard drives contains serious security vulnerabilities permitting attackers easy access to the data it stores.

portable hard drive

The external hard drives are designed to automatically encrypt all stored data, saving users the time and effort required for full-disk encryption.

However, researchers Gunnar Alendal and Christian Kison discovered “backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials”, which are detailed in a paper published at the end of September.

They said: “Several serious security vulnerabilities have been discovered, affecting both authentication and confidentiality of user data.”

The device that has come under scrutiny, Western Digital’s My Passport drive, allows users to set a password before using them.

Theoretically, this would bar anyone who steals the physical device from accessing the information stored on it.

But Alendal and Kison found that some models stored passwords on the drives themselves, eliminating need for hacker to have a password to access device in the first place.

In another case, they said that it was possible to extract the drive’s hash and load it on to a computer for offline cracking.

The research pair even found a flaw where they were able to predict the underlying security key because it based its random number generation from the current time on the computer clock – although this vulnerability was addressed last year.

Alendal and Kison demonstrated that Western Digital had used cryptographic keys known to be insecure, such as the Rand() command which produces a pseudo-random number.

A Western Digital spokesperson told Ars Technica that the company “has been in a dialogue with independent security researchers relating to their security observations in certain models of our My Passport hard drives.”

The spokesperson added that the firm will “continue to evaluate the observations”, but would not answer directly whether the company intended to issue a patch. They also did not say how such a patch would reach all of its affected customers.

More details of the security flaws can be found in Alendal and Kison’s paper.


TEISS banner

Share on Facebook0Tweet about this on Twitter0Share on LinkedIn0Share on Google+0Share on Reddit0Share on StumbleUpon0Share on Tumblr0Email this to someone
Tagged under