Verifying Claims of Full-Disk Encryption in Hard Drive Firmware

gAtO fOuNd this and think about it – In approximate physical/logical order, this is every attack gAtO can conceive of at the device level PC- Cell Phones not covered in this brief , but be aware of the similar things in smartDevice (Cell Phones, IPad, Kindle, Nooks: gAtO tHiNk any device that get’s hooked up to my network we should look at, new digital TV with WiFi connection:

1. The BIOS may have been replaced to record passwords

2. The keyboard or keyboard connection may be tapped/keylogged

gAtO lOcO mAyBe sI - nO -lOcO

3. The physical computer may have been tampered with physically installing hardware in any of its components

4. The Operating System may have been tampered with

5. All application used to interact with the hard drive (hdparm) may have been subverted.

6. The SATA connection to the HDD may have been tapped

7. On the Drive

1. The hardware of the drive may been tampered with

2. Firmware upgraded w/backdoors:

1. The firmware may be buggy allowing code execution on the Hard Disk Drive.

2. The firmware may have been replaced.  Supposedly, the firmware replace requires the firmware be signed with a private RSA key AND that the drive have the Load Firmware capability active.  The public key is stored on the system storage area of the media

1. The firmware may be able to be loaded despite the load firmware capability inactive2. The firmware load process may have a bug invalidating the signature

3. The malicious firmware may be appropriately signed

4. The public key in the system storage area may have been replaced, allowing untrustworthy firmware be loaded

3. The RAM of the device may be able to be read, allowing unknown compromising vectors.

1. The encryption key may be stored in RAM

2. The Seed Key and Seed used in the Random Number Generator may be read, allowing any new key that is generated to be guessed.

3. Internal states to the encryption process, or other operation of the firmware may be exposed

4. System Storage Area – An area of the drive that is supposed to only be able to be read by the firmware, and not the computer.

1. Secure ID aka Drive Owner (SHA Digest)

1. If the system area is able to be read, an unsalted simple SHA may be crackable2. If the system area is able to be written, this may be replaced with a hash of a known password.

3. If the Drive Owner PIN has not been changed upon initialization, the PIN is printed on the drive

2. User & Master Passwords (SHA Digest)

1. If the System Area is able to be read, an unsalted simple SHA digest may be crackable2. If the system area is able to be written, this may be replaced with a hash of a known password.

3. User/Master Encryption Keys (Plaintext?)

1. The the System Area is able to be read, plaintext storage of the keys allows full data recovery2. If the Random Number Generator is not cryptographically secure, the encryption key may follow a guessable pattern

4. Firmware Public RSA Key

1. The the System Area is able to be written to, the firmware key may be replaced and new firmware loaded

5. User Storage Area – where your data is stored.

1. The data may not be encrypted with AES as promised2. The cipher mode may not be suitable for filesystem encryption

3. The drive may be initialized in a non-random pattern, allowing usage analysis

4. The ciphertext may be stored in a way allowing block swapping, ciphertext injection, or otherwise damaging the integrity of the ciphertext

6. The Drive may be vulnerable to side channel attacks

1. Crypto operations may not be constant-time leaking data about the key structure or value2. Drive may not draw power equally during crypto operations leaking data about the key structure or value

3. The drive may not be acoustically silent, leaking information about where on the platters the data is being written by listening to drive head movements.

4. The drive may not be protected against induced faults such as power manipulation, temperature extremes, electrical shocks, or physical shocks.

8. AT Password Security Protocol

1. Passwords may be attempted at a rapid sequence if a mechanism to reset the module is created.

This groups those attacks together, and notes whether I consider them within the realm of testing for the drive.  I’m not sure what will be doable easily or cheaply, but if I can verify the firmware, I’ll try.

Not Considered for evaluation

User Coercion or Cooperation / “Evil Maid” Attacks

1. Hardware tampering or tapping of the Keyboard, Keyboard connection, Computer, SATA connection or HDD Pwnage

1. Subversion of the Operating System, BIOS, or hdparm


1. Not changing the Master or Drive Owner password2. Not enabling hard disk security

Side Channel Attacks

Considered for Evaluation

1. Buggy firmware

1. with regards to firmware signature verification2. with regards to firmware replacement despite load firmware capability disabled

3. with regards to randomly selecting an encryption key

4. with regards to proper encryption

5. with regards to backdoors

6. with regards to memory trespass or other “standard” vulnerabilities

2. Key Management

1. plaintext storage of encryption keys in system area2. poor password hashing practices of passwords

3. Encryption

1. lack of encryption of user data2. Improper cipher mode

3. Patterned initial fill of disk

4. Lack of ciphertext integrity

4. System Area

1. ability to read system area2. ability to write system area


gAtO cRaZy but it could happened, maybe sI — maybe nO


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: