The ArmorLock application generates, stores, and uses an elliptic curve private key to enable unlocking of authorized ArmorLock devices. On iOS and macOS devices that do not have biometrics (Touch ID or Face ID) but which contain a Secure Enclave, key material is incorrectly stored within the software Keychain instead of the Secure Enclave. On these affected devices, an attacker with the ability to execute code as the user of the device may be able to gain access to the key material, which could allow impersonation of the client through extraction of the private key.
This vulnerability was addressed in the iOS 1.4.1 app and the macOS 1.4.1 app. The updated client apps will remove any existing key material from the software Keychain and wrap it with a new key from the Secure Enclave. Key material generated for new drive pairings will be generated within the Secure Enclave.
Users with an affected device may wish to perform a fresh install of the 1.4.1 client app to ensure all key material is generated within the Secure Enclave. Before removing the existing app, make sure all drive recovery keys are available. Access to existing drives can be maintained by using the recovery key or by requesting access from another authorized manager.
Advisory Summary
A logic error in the ArmorLock iOS and macOS client applications led to an incorrect determination that devices which lack biometric hardware also lack Secure Enclave hardware. In this scenario, key material is placed in the software-backed Keychain instead of the more secure hardware-backed Secure Enclave.
The vulnerability was addressed by correctly identifying the presence of the Secure Enclave and using it when generating key material. Existing key material that was stored within the Keychain is removed, and one of two actions is performed depending on context: either the key material is re-generated within the Secure Enclave, or it is encrypted with a new key generated within the Secure Enclave.
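The class of logic error described above, next to a corrected pattern, as an added Swift example using Apple's Security and LocalAuthentication frameworks. It is not Western Digital's code: the function names and the `tag` parameter are hypothetical, and the flawed check is an assumed reconstruction of the error, not the actual ArmorLock source.

```swift
import Foundation
import LocalAuthentication
import Security

// Flawed pattern (hypothetical reconstruction): biometric availability is
// used as a proxy for Secure Enclave presence, so a device with an enclave
// but no Touch ID / Face ID falls through to software key storage.
func secureEnclaveAvailableFlawed() -> Bool {
    var err: NSError?
    return LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &err)
}

// Corrected pattern: ask for the key to be created inside the Secure Enclave
// and treat a creation failure as the only evidence that it is unavailable.
func makeEnclaveKey(tag: Data) throws -> SecKey {
    var cfErr: Unmanaged<CFError>?
    // No biometric flag: .privateKeyUsage alone works without Touch ID / Face ID.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage,
        &cfErr) else { throw cfErr!.takeRetainedValue() as Error }

    let attrs: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom, // P-256, the curve the enclave supports
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access
        ] as [String: Any]
    ]
    guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &cfErr) else {
        throw cfErr!.takeRetainedValue() as Error
    }
    return key
}

// Post-condition check: an enclave-resident private key cannot be exported,
// while a software Keychain key can. Use this to assert where a key lives.
func isNonExportable(_ key: SecKey) -> Bool {
    return SecKeyCopyExternalRepresentation(key, nil) == nil
}
```

Running `isNonExportable` against every stored unlock key after an upgrade gives a quick audit of whether any private key is still held in software.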
Western Digital periodically retains the services of third-party firms to audit and test the security of our products. This issue was discovered during a scheduled assessment performed by the security firm Trail of Bits. In order to provide transparency to our customers, we have elected to make the audit and remediation report for this issue available to the public.