Latest YouTube Video

Monday, October 19, 2015

[FD] Western Digital - My Passport / My Book self-encrypting external hard drive series - Multiple vulnerabilities

Research overview: ========================== Research on Western Digital wide-spread self-encrypting hard drive series "My Passport" / "My Book". Devices researched utilizes mandatory HW AES encryption. Authors: ========================== Gunnar Alendal Christian Kison modg Paper and presentation links: ========================== Full paper at Cryptology ePrint Archive: http://ift.tt/1ReRhCS Presentation slides, based on research paper: http://ift.tt/1LrN3HX Vulnerabilities disclosed: ========================== Multiple vulnerabilities, including: * Multiple authentication backdoors, bypassing password authentication * AES factory key recovery attacks, exposing user data on all affected devices, regardless of user password * Exposure of HW PRNGs used in cryptographic contexts * Unauthorized patching of FW, facilitating badUSB/evil-maid attacks Vendor notification: ========================== The vendor has been informed of the research. Patches: ========================== The authors are not aware of any fixes. Architectures researched: ========================== USB Bridge Vendor - Chip model - Architecture =============== JMicron - JMS538S - Intel 8051 Symwave - SW6316 - Motorola M68k PLX - OXUF943SE - ARM7 Initio - INIC-1607E - Intel 8051 Initio - INIC-3608 - ARC 600 JMicron - JMS569 - Intel 8051 ===============

Source: Gmail -> IFTTT-> Blogger

No comments: