Customers who purchased Western Digital drives may have previously thought that the My Passport family of data encryption systems should protect them from unauthorized access. But specialists have discovered that it is completely useless and does not protect them in any way.
Portable drives are a very convenient tool for transferring data between computers. Because of their small size, however, there is a risk that somewhere along the way will be lost or stolen. That’s why manufacturers are equipping them with data encryption systems so that even if someone later finds them, they can not access the information stored on it.
This system is also pre-installed on Western Digital’s My Passport drives, which uses 256-bit AES encryption, and then accesses theoretically only after a password has been entered.
The problem is that this system does not work at all, and this is confirmed by a study by three experts who surveyed six My Passsport drives, showing large gaps in data security software.
In some models, the encryption key can be defeated by a simple brute-force method, which is a very bad message for people who will lose a drive as a result of theft because their decryption is child’s play. On other models, you can easily replace the firmware of a specially crafted disk with access to the files on it. Also, on drives with the Symwave 6316 controller, the encryption key is stored on a disk in the firmware of the media, so recovering data from these models is fabulously simple.