The researchers developed several different attacks to recover user data from these password protected and fully encrypted external hard disks. In addition to this, other security threats were discovered, such as easy modification of firmware and on-board software that is executed on the
users PC, facilitating evil maid and badUSB attack scenarios, logging user credentials and spreading of malicious code.
In some cases they found that the encryption is performed by the chip that bridges the USB and SATA interfaces. In other cases, the encryption is done by the HDD's own SATA controller, with the USB bridge handling only the password validation.
Western Digital has been in a dialog with the independent security researchers regarding their findings for certain models of My Passport hard drives and is currently evaluating their observations, a Western Digital representative said.