CAPEC-402 Detail

An adversary exploits a weakness in ATA security on a drive to gain access to the information the drive contains without supplying the proper credentials. ATA Security is often employed to protect hard disk information from unauthorized access. The mechanism requires the user to type in a password before the BIOS is allowed access to drive contents. Some implementations of ATA security will accept the ATA command to update the password without the user having authenticated with the BIOS. This occurs because the security mechanism assumes the user has first authenticated via the BIOS prior to sending commands to the drive. Various methods exist for exploiting this flaw, the most common being installing the ATA protected drive into a system lacking ATA security features (a.k.a. hot swapping). Once the drive is installed into the new system the BIOS can be used to reset the drive password.

Prerequisites

Access to the system containing the ATA Drive so that the drive can be physically removed from the system.

Mitigations

Avoid using ATA password security when possible.
Use full disk encryption to protect the entire contents of the drive or sensitive partitions on the drive.
Leverage third-party utilities that interface with self-encrypting drives (SEDs) to provide authentication, while relying on the SED itself for data encryption.

Related Weaknesses

References

REF-33

Hacking Exposed: Network Security Secrets & Solutions
Stuart McClure, Joel Scambray, George Kurtz.

REF-701

Using the ATA security features of modern hard disks and SSDs
Oliver Tennert.
https://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs

REF-702

Breaking ATA Password Security
https://security.utexas.edu/education-outreach/BreakingATA

Submission

Modifications