Skip to main content
  1. Home
  2. Computing
  3. News

Encryption on some portable drives proves less secure than you’d expect

By

western digital encryption flaws mypassport
Image used with permission by copyright holder
Encryption is a hot-button topic at the moment. If you’re a government official, it’s the bane of the intelligence world and a tool for terrorists. If you’re a whistleblower, freedom fighter, or journalist, it can be your lifeline to those that can help you. If you’re just an average citizen, it can be a way to give you a little bit more privacy than the current climate of technology offers.

But some devices that are designed to help Joe Consumer keep his files safe and secure from prying eyes while on the move are far from capable. In fact, some have been found to be easy enough to crack open that they don’t even require a password — making it rather redundant to create and memorize a long and complicated one.

Recommended Videos

This was discovered as part of an investigation by a group of security researchers into the levels of security on portable hard drives like Western Digital’s My Passport and My Book series. It turns out they are very lax, as those looking into it discovered multiple ways that the data could be removed quite painlessly.

Please enable Javascript to view this content

Published in a report titled, “got HW crypto? On the (in)security of a Self-Encrypting Drive series,” the results paint a poor picture of Western Digital’s security, but also suggest that the standards within the industry are far from high.

While there are several security measures in place, like locking down the USB connection until a password is entered and salting the password, they don’t go very far in protecting the data. In one case, the random data used for the password hash is taken from the current time on a computer clock, making it very easy to guess. Although as Ars Technica points out, that particular flaw was patched out some time ago, not everyone will have updated their devices.

In another, much more egregious instance, the hash of the default password was found on some drivers when a user-generated code had only been changed once — making it a breeze for security researchers to crack it. Another problem was that some devices allowed for the copying of the password hash off the device, making it possible to crack it away from the drive in question.

In some instances, the Western Digital firmware itself was vulnerable to attack, though this and other problems were less prevalent in newer versions of the drives.

Although this isn’t necessarily an indication of every external drive with automated encryption being poorly protected, it does suggest that claims of high-security on such devices should be taken with a pinch of salt. For those wanting true protection, full-disk encryption is still a much safer bet.

Editors’ Recommendations

Topics
Jon Martindale
Jon Martindale
Evergreen writer
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
The stars are aligning for a perfect PC handheld — but one thing’s missing
The Lenovo Legion Go S with SteamOS installed.

At CES 2025, I saw some of the most exciting developments in the world of handheld gaming PCs that I've ever seen, but completely absent from the conversation was Nvidia. It's a world dominated by AMD with its semi-custom designs like the new Ryzen Z2 range, and one that Intel is slowly working its way into with devices like the MSI Claw 8 AI+. Team Green, by comparison, doesn't seem interested.

An Nvidia handheld wouldn't inherently be better than the crop of AMD-powered devices we have now, from the Steam Deck OLED to the new Lenovo Legion Go S, but Nvidia already has features and hardware that fit the ethos of handhelds perfectly. But even with so much going for Nvidia in handhelds, it remains one tough nut to crack.
It's all coming together

Read more
Sony’s flip-up XR headset costs even more than an Apple Vision Pro
Sony's SRH-S1 held in a hand at CES 2025.

Sony is one of the biggest names in VR gaming with the popular PlayStation VR2. Now it’s launching a high-end XR headset with specifications that rival the Apple Vision Pro. To be clear, this isn’t the Sony XYN headset powered by Google's new Android XR, and it won’t connect to a PlayStation 5. It’s aimed at enterprise customers that design products, and it costs even more than the ultra-premium Vision Pro.

Priced at $4,750, the Sony SRH-S1 is a powerful system with integrated hardware and software, a flip-up visor, and unique controllers optimized for manipulating virtual 3D objects. Being able to lift the visor for face-to-face conversations is convenient. The halo strap design also removes all facial pressure. A ring on one finger lets you grasp items, and a 3D stylus that looks like something from a sci-fi movie allows precise adjustments.

Read more
Amazon has slashed the price of the MacBook Pro M4 by $250
Someone using a MacBook Pro at a desk.

Amazon is often the home of great Apple deals, and that continues to be the case today. Right now, you can buy the latest Apple MacBook Pro with M4 Pro chip for $250 off. That means instead of paying $2,499, you pay $2,249. That’s not quite the lowest price it’s ever been, but it’s not far off -- the MacBook Pro with M4 has only ever dropping to $2,199 at its lowest. For the most part, $2,249 is a sweet deal and one of the better laptop deals around. If you’re keen to learn more, read on and we’ll take you through all it has to offer.

Why you should buy the Apple MacBook Pro with M4 Pro
The latest MacBook Pro tops our look at the best MacBooks for so many fantastic reasons. It’s a true powerhouse of a machine while still looking super elegant and stylish. In our MacBook Pro review, we described it as “the best gets even better.” It offers “record-breaking performance,” with the M4 Pro chip proving to be exceptionally powerful for all kinds of tasks. It also has a best-in-class keyboard and trackpad, which adds to the experience.

Read more