0

Recently I came across this whitepaper: https://eprint.iacr.org/2015/1002.pdf

It states vulnerabilities in Western Digital hard drives but doesn't include exact model numbers.

I have a WD My Passport WDBYFT0040BBK-WESN and I wonder if my hard drive is encrypted properly so that nobody can access the data without knowing the password?

Defozo
  • You need to get the USB ID of the drive. The paper lists those USB IDs that have the issue. You can get this by plugging the device in and looking at the device tree or via `lsusb`. – Dan D. Apr 25 '18 at 16:14
  • You would have to open it up and identify the chips inside, just like the paper says – schroeder Apr 25 '18 at 16:14
  • @DanD Uh, which of the ones is it guys? `lsusb` or opening up the drive? – Maarten Bodewes Apr 25 '18 at 16:59

1 Answer

1

That paper has 2 tables (table 2 and table 6) listing VID:PID (vendor ID and product ID) for devices known to use the chips they examined. You can find the VID and PID of a USB device on Linux using `lsusb`; other systems may have other methods to obtain the VID and PID.

However, it's possible that your device uses one of the chips listed in table 1 without being listed in table 2 or 6, as the authors could have been unaware of it or it could have been released after the paper was written.

Even if your device doesn't use one of the chips examined in that paper, given the track record I wouldn't rely on it for anything sensitive. In general, software solutions for disk encryption have an advantage here as they're generally more widely audited and they don't have to be tested for each and every hard drive model.

AndrolGenhald
  • My hard drive identifies itself as 1058:25E2. However, it's neither good nor bad information for me. The paper doesn't include my model but, as you said, I still don't know if I can trust it. – Defozo Apr 27 '18 at 10:04
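
The check described in the answer, as an added example that is not part of the original thread: it parses `lsusb` output, normalises each VID:PID (`lsusb` prints lower case, the comment above quotes `25E2`), and compares Western Digital devices against a list you transcribe from tables 2 and 6 of the paper. The function names, the sample output and the placeholder list are assumptions made for this example; a device missing from the list is reported as inconclusive, as the answer explains.

```python
import re
import subprocess

# Shape of one `lsusb` line: "Bus 002 Device 003: ID 1058:25e2 <description>"
LSUSB_LINE = re.compile(
    r"^Bus \d+ Device \d+: ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\s*(.*)$"
)
WD_VENDOR_ID = "1058"  # Western Digital's USB vendor ID


def normalise(usb_id):
    """Canonical 'vvvv:pppp' form: lower case, no 0x prefixes, zero padded."""
    vid, pid = usb_id.strip().lower().split(":")
    return "%04x:%04x" % (int(vid, 16), int(pid, 16))


def parse_lsusb(text):
    """Return [(vid:pid, description)] for every device line in lsusb output."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m:
            devices.append((normalise(m.group(1) + ":" + m.group(2)), m.group(3)))
    return devices


def check_against_paper(lsusb_text, listed_ids, vendor=WD_VENDOR_ID):
    """Map each device of `vendor` to 'listed' or 'inconclusive'."""
    listed = {normalise(i) for i in listed_ids}
    result = {}
    for usb_id, _desc in parse_lsusb(lsusb_text):
        if usb_id.startswith(vendor + ":"):
            # Absence from the tables proves nothing: the drive may still use
            # one of the examined chips, so report it as inconclusive.
            result[usb_id] = "listed" if usb_id in listed else "inconclusive"
    return result


# Constructed sample; 1058:25e2 is the ID reported in the comment above.
SAMPLE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 003: ID 1058:25e2 Western Digital Technologies, Inc.
Bus 002 Device 004: ID 1058:0000 Western Digital Technologies, Inc.
"""
# Placeholder entry, not from the paper: replace with the pairs in tables 2 and 6.
LISTED_IDS_PLACEHOLDER = ["1058:0000"]

if __name__ == "__main__":
    try:
        text = subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE_LSUSB  # lsusb unavailable: fall back to the constructed sample
    for usb_id, verdict in check_against_paper(text, LISTED_IDS_PLACEHOLDER).items():
        print(usb_id, verdict)
```
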