Research overview:
==========================
Research on the widespread Western Digital self-encrypting hard drive series "My Passport" / "My Book". The devices researched use mandatory HW AES encryption.

Authors:
==========================
Gunnar Alendal
Christian Kison
modg

Paper and presentation links:
==========================
Full paper at Cryptology ePrint Archive:
https://eprint.iacr.org/2015/1002.pdf

Presentation slides, based on research paper:
http://hardwear.io/wp-content/uploads/2015/10/got-HW-crypto-slides_hardwear_gunnar-christian.pdf

Vulnerabilities disclosed:
==========================
Multiple vulnerabilities, including:
* Multiple authentication backdoors, bypassing password authentication
* AES factory key recovery attacks, exposing user data on all affected devices, regardless of user password
* Exposure of HW PRNGs used in cryptographic contexts
* Unauthorized patching of FW, facilitating badUSB/evil-maid attacks

Vendor notification:
==========================
The vendor has been informed of the research.

Patches:
==========================
The authors are not aware of any fixes.

Architectures researched:
==========================
USB Bridge Vendor - Chip model - Architecture
===============
JMicron - JMS538S - Intel 8051
Symwave - SW6316 - Motorola M68k
PLX - OXUF943SE - ARM7
Initio - INIC-1607E - Intel 8051
Initio - INIC-3608 - ARC 600
JMicron - JMS569 - Intel 8051
===============