A group of security researchers figured it'd be fun to see how well self-encrypting external hard drives protect data, and their findings may surprise owners of these devices. Gunnar Alendal, Christian Kison and "modg" took a few stabs at breaking into portable drives from Western Digital's My Passport and My Book series. Shockingly, the researchers were able to gain full access to user data in many ways. The team tested models manufactured as recently as 2013, and they say the drives tested remain unpatched.
Most of the tested drives use a USB-to-SATA bridge chip from a third-party manufacturer (JMicron, Initio, and Symwave, to name three) that can also handle encryption duties. The team found, in colloquial terms, a Kardashian butt-load of vulnerabilities that present attackers with a multitude of vectors to reach user data.
The vulnerabilities include encryption keys that are easy to brute-force thanks to poorly implemented random number generators, firmware protections that can easily be bypassed or flashed out, fixed encryption key salts, RAM data leakage, and even backdoors. In some cases, the team was able to obtain the encryption keys right off the hard drives themselves, as they're often tucked away in a set of "hidden" sectors. Adding insult to injury, WD didn't cryptographically sign its drives' firmware, opening yet another avenue for attack.
Although the security eggheads focused their work on Western Digital's older drives, it's not difficult to imagine that drives from other manufacturers are equally vulnerable, since the protection methods and third-party chips are likely to be similar. It should be noted that newer drives leave the encryption in the hands of the hard drives' SATA controller, which could close off some of the routes of attack the researchers found in these tests.