ata passwords

i’m quite suspicious of ATA passwords, and i think that is justified by what has gone on in the past

1) disk manufacturers have been known to add backdoors

– seagate drives were once shipped with a hardcoded master password (printed on the drive itself), which people had trouble changing
http://forum.hddguru.com/viewtopic.php?t=15948&start=

– there are collections of ATA backdoor passwords on the internet, demonstrating that it was a widespread phenomenon
https://ipv5.wordpress.com/2008/04/14/list-of-hard-disk-ata-master-passwords/

– drive manufacturers have been induced or coerced into introducing firmware backdoors
https://www.techpowerup.com/209925/nsa-hides-spying-backdoors-into-hard-drive-firmware

2) BIOS manufacturers have been known to weaken the passwords passed to the disk by encoding/truncating them

– limiting the number of legal characters (reducing entropy)
– truncating or limiting the length of the password string (reducing entropy)
– converting all the characters to be case-insensitive (reducing entropy)
– translating ascii codes into ‘scan codes’ (reducing entropy)
– i would say this is all likely at the request of intelligence agencies
https://jbeekman.nl/blog/2015/03/lenovo-thinkpad-hdd-password/
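to make the entropy argument concrete, here is an added example (not from the original post, and not any vendor’s actual code) that models a hypothetical BIOS normalisation pipeline of the kind described above and compares the bits the user typed with the bits the drive can ever see. the character set, the 8-character truncation limit and the toy ‘scan code’ table are assumptions for illustration only, not a real BIOS mapping.

```python
import math
import string

# Hypothetical model of a BIOS that normalises an ATA password before
# forwarding it to the drive. Every constant here is an illustrative
# assumption, not any real vendor's behaviour.
MAX_LEN = 8                                       # assumed truncation limit
ALLOWED = string.ascii_lowercase + string.digits  # case-folded, no symbols

# Toy "scan code" table: one byte per allowed character. Real keyboard
# scan codes differ; the point is that the map collapses case and has
# no entry for characters the BIOS chooses not to forward.
SCAN = {c: 0x10 + i for i, c in enumerate(ALLOWED)}


def bios_transform(password: str) -> bytes:
    """Model of what reaches the drive: case-fold, drop characters with
    no scan code, truncate to MAX_LEN, then translate to scan codes."""
    folded = password.lower()
    kept = [c for c in folded if c in SCAN]
    return bytes(SCAN[c] for c in kept[:MAX_LEN])


def entropy_bits(charset_size: int, length: int) -> float:
    """Bits of entropy for a uniformly random string over charset_size^length."""
    return length * math.log2(charset_size)


def entropy_loss(user_len: int, user_charset: int = 95):
    """(bits typed, bits the drive can see at most), assuming the user
    typed user_len uniformly random printable-ASCII characters."""
    typed = entropy_bits(user_charset, user_len)
    effective_len = min(user_len, MAX_LEN)
    seen_by_drive = entropy_bits(len(SCAN), effective_len)
    return typed, seen_by_drive


def collide(a: str, b: str) -> bool:
    """True if two different passwords reach the drive as identical bytes,
    i.e. either one unlocks a drive locked with the other via this BIOS."""
    return a != b and bios_transform(a) == bios_transform(b)


if __name__ == "__main__":
    typed, seen = entropy_loss(32)
    print(f"user typed ~{typed:.0f} bits, drive sees at most ~{seen:.0f} bits")
    # symbols dropped, case folded, truncated: two different passwords collide
    print(collide("Tr0ub4dor&3!", "tr0ub4dor3"))
```

the second number is what an attacker who understands the BIOS mapping actually has to search, which is why a drive unlocked through a different BIOS generation may also refuse the same typed password.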

3) the actual protections and limitations are often not clear

– i remember a story of a drive claiming ‘AES encryption’, but where only the encryption key was protected with AES, then the key was merely used to XOR the actual drive data (can’t find link)
– people might set the user password and not realize that there is a good chance of there being a known, or trivially breakable, master password lurking in the background (which they could have changed but didn’t know they had to)
– transferring a disk to a machine with a different BIOS (manufacturer and/or version) may well not work out well, because the BIOS ‘translates’ the user input in a BIOS-specific way before forwarding it to the disk. i.e. successive generations of lenovos do it differently, and dell does it differently to lenovo, and so on

4) BIOS manufacturers have often backdoored their products, and a backdoored BIOS means your ATA password can easily be compromised

– likely out of incompetence/misguidedness at first, and then due to intelligence agency pressure
http://resources.infosecinstitute.com/nsa-bios-backdoor-god-mode-malware-deitybounce/
– ‘accidental’ vulnerabilities can act as a backdoor into the BIOS

5) specialist services exist to remove user/master passwords from drives

– i don’t know whether this applies to the latest generations of drives or not, it could just be hype.. but who really knows?
http://www.hdd-tools.com/products/rrs/
http://www.hdd-tools.com/products/rrs/drives/samsung/ (“all Samsung 3.5″ and 2.5” drives!!!)

over time the ‘depth’ of the backdoor has increased. first it was just a ‘special string’ on the BIOS or disk, then it was a per-unit secret string, then it was a weakening of the entropy of what the user entered, and now it’s likely deep in the drive firmware

as the depth of the backdoor has increased, the comfort level to the user has increased, and the threat level has gone from ‘nextdoor neighbor’ to ‘an intelligence agency’. the trouble with backdoors, though, is that if they become public they can be used by anyone

anyway, i guess for the non-top-secret business case, the ATA password might well be good enough. without expensive specialist support or top secret knowledge, and having been careful to set the drive to ‘maximum’ security (not just ‘high’), the only way a ‘mere mortal’ can remove the protection is to also trigger a secure wipe of the disk

but for the case where a government might be interested in what’s on the disk (perhaps classified material from working on a military IT project), i’m not so sure!

however, even if we deployed LUKS as well, this is probably just a speed bump. a backdoored BIOS can likely sniff the LUKS password, malware can likely insinuate itself into /boot… and then there’s the physical attacks (cold boot or DMA attack to get the key, evil maid to implant a hardware keylogger or tamper with /boot, …). but let’s face it, most likely of all is that they’ll get you with a client-side attack which just bypasses everything :-p

yes, if someone wants that data badly enough, they’ll get it! 😀
