What you need to know: A 12-year-old vulnerability was discovered in Dell computers and flagged up to the company.
Western Digital has confirmed the issues and urged customers to install security updates to stay safe. A vulnerability that's been around since 2009 has been patched by Dell. The flaw affects Western Digital SanDisk SSD Dashboard applications prior to version 2.5.1.0. Specifically, a malicious user can create a rogue hotspot that the computer will join or launch a man-in-the-middle attack and then serve malicious content instead of the data requested by the app,” said researchers. I would bet TrueCrypt's encryption with AES would be the same as your SSD's hardware encryption as if it's got hardware AES bonus it should carry over to TrueCrypt too. Your SSD manufacturer probably has its own closed project. “This makes it trivial to attack users running this application in untrusted environments (e.g. TrueCrypt is open source, so you know there is no backdoor. Through the MiTM attack, attackers can serve malicious content instead of the data requested by the app. This can allow an attacker to create a rogue hotspot and perform a man-in-the-middle attack. The flaw exists as the application uses HTTP instead of HTTPS for communication with the SanDisk site. The second vulnerability - CVE-2019-13467 - is more severe. By exploiting the vulnerability, an attacker can intercept the report to read all the sensitive data included in the SSD Dashboard. The password is the same for every installation.
They found that one of the strings was a hardcoded password used for encrypting report information. Includes SanDisk SecureAccess software to protect access to your personal files with a password-protected private vault. Trustwave researchers found the bug after dumping strings from the main binary file, SanDiskSSDDashboard.exe. A SanDisk survey characterized the data corporate end users most. Use compliant data encryption tools and algorithms. Develop and test an appropriate data recovery plan. The flaw is related to the use of a hard-coded password for protecting the archived customer-generated system and diagnostic reports. Secure USB flash drives protect the data stored on them from access by unauthorized users. Mobile devices include laptops, tablets, wearable tech and smartphones.
Two severe vulnerabilities in the Western Digital and SanDisk SSD Dashboard can allow threat actors to trick users into running arbitrary code on the computers. Discovered by Trustwave researchers, one of the vulnerabilities is tracked as CVE-2019-13466. Like the YP-Z5, the e200 supports MP3 and WMA audio files, the latter with DRM. SanDisk, being a purveyor of memory cards, has equipped its player with an SD card slot for additional memory. SanDisk's player has 6GB of storage, but it's also available in, yes, 2GB and 4GB forms. The Sansa e200 also boasts a 1.8in display, similarly configured. One of the vulnerabilities arises due to the use of an insecure HTTP connection.