On top of that some models simply store the password on the hard drive. This simple command for creating random numbers is not up to the task of producing a suitably strong key for keeping data secure. Western Digital creates the password using the C rand() function, which is known not to be cryptographically secure.
The vulnerability comes from a multitude of errors Western Digital ran into when designing their method of encryption. The My Passport drives allow a user to set a password in order to use them, which is then protected by an encryption key. Vulnerability researchers claim Western Digital’s “self-encrypting” My Passport hard drive is plagued by serious security vulnerabilities that allow an attacker trivial access to data stored on its products. The details were included in a paper dated 28 September, and posted to websites where vulnerability researchers post their findings if the affected company is not being cooperative.
