Pwnie Awards 2017

The 2016 Pwnie Award For Lamest Vendor Response

“WD MyPassword Drive”

Western Digital

Western Digital is no stranger to redundancy in the context of data integrity, and they’re not cutting any corners in applying those lessons to their cryptographic failures. Their firmware is rich with layers of keys resting adjacent to ciphertext, like a matryoshka doll of plaintext surprises. The most impressive part is that you don’t need to be a firmware extraction connoisseur to benefit from the rewards of their abundant “data recovery” options; take comfort in knowing that the keys themselves are actually just redundant copies of a 32-bit rand() value repeated over and over, making the keys impossible to lose!

In response, the good folks at WD “continue to evaluate the observations”, possibly the most indecipherable output they’ve ever produced.