Western Digital Finds Replay Attack Protection Flaw Affecting Multiple Vendors

A vulnerability recently discovered by researchers at storage giant Western Digital in the Replay Protected Memory Block (RPMB) protocol affects the products of several other major companies, including Google, Intel and MediaTek.

Replay attacks generally allow hackers to perform different types of actions on behalf of a legitimate user by intercepting data and replaying it later. These attacks can be useful for hijacking accounts or committing financial fraud.

The RPMB feature is designed to protect devices from replay attacks by providing authenticated and secure storage that ensures each message is unique and cannot be replayed. RPMB is often found in tablets and mobile phones that use flash storage technologies such as NVMe, UFS and eMMC.

Western Digital researchers have determined that the RPMB protocol offers insufficient protection against replay attacks.

An intruder with physical access to a device may cause a discrepancy between the status or contents of the RPMB record and a trusted component of the device. These inconsistencies can lead a trusted component to believe that a writing task has failed when it has actually been performed successfully, or to believe that certain content has been written when other content has actually been written (without being modified by an attacker), CERT/CC wrote in an advisory issued on Tuesday.
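One way a trusted component can check for the state mismatch described above is to re-read the device state under a fresh nonce instead of relying on a missing or failed write response. This is an added example, not code from Western Digital, CERT/CC or any vendor; the `RpmbModel` and `Host` classes, the message layout and the result strings are illustrative assumptions and do not reproduce the real eMMC/UFS frame format.

```python
import hashlib, hmac, os, struct

def tag(key, *parts):
    """HMAC-SHA256 over the concatenated message fields."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def u32(n):
    return struct.pack(">I", n)

class RpmbModel:
    """Toy device (assumed model): one data block, shared key, monotonic write counter."""
    def __init__(self, key):
        self.key, self.counter, self.data = key, 0, b""

    def write(self, data, counter, mac):
        ok = hmac.compare_digest(mac, tag(self.key, b"Q", u32(counter), data))
        if not ok or counter != self.counter:
            return None                      # rejected: bad MAC or stale counter
        self.data, self.counter = data, self.counter + 1
        return self.counter, tag(self.key, b"W", u32(self.counter))

    def read(self, nonce):
        mac = tag(self.key, b"R", nonce, u32(self.counter), self.data)
        return self.data, self.counter, mac

class Host:
    """Trusted component that tracks the counter it expects the device to hold."""
    def __init__(self, key):
        self.key, self.expected = key, 0

    def request(self, data):
        return data, self.expected, tag(self.key, b"Q", u32(self.expected), data)

    def reconcile(self, device, intended):
        """After a missing or failed write response, learn the real device state."""
        nonce = os.urandom(16)               # fresh nonce: an old read response cannot verify
        data, counter, mac = device.read(nonce)
        if not hmac.compare_digest(mac, tag(self.key, b"R", nonce, u32(counter), data)):
            return "unverified"              # response is not from the keyed device
        if counter == self.expected:
            return "not_committed"           # in this model the earlier request is still valid
        self.expected = counter              # resynchronise with the authenticated counter
        return "committed" if data == intended else "mismatch"
```

A `not_committed` result means the counter has not advanced, so in this model any write request already issued for that counter value would still be accepted by the device.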

Western Digital has discovered that the underlying vulnerability, which it tracks as CVE-2020-13799, affects products from a number of other vendors, including Intel (CVE-2020-12355), Google (CVE-2020-0436) and MediaTek.

In a report released Tuesday, Intel, which classified the flaw as medium severity, said the RPMB subsystem used in Trusted Execution Technology (TXE) could allow an unauthenticated attacker with physical access to a device to escalate privileges.

Google and MediaTek do not appear to have issued recommendations regarding this vulnerability. WD encouraged MediaTek customers to contact the vendor for more information and troubleshooting recommendations.

CERT/CC noted in its report that a vendor it does not mention by name has confirmed that this vulnerability can lead to a denial of service (DoS).

Western Digital has published a formal security document and a newsletter as part of what it describes as an industry-coordinated vulnerability discovery process to promote integrated storage security.


@EduardKovacs – Publisher of the Safety Week. He worked for two years as a high school computer science teacher before starting a career in journalism as a security reporter for Softpedia. Eduard has a bachelor’s degree in industrial computer sciences and a master’s degree in computer engineering for electrical engineering.
