Security News > 2020 > November > Western Digital Finds Replay Attack Protection Flaw Affecting Multiple Vendors
A vulnerability identified recently by researchers at storage giant Western Digital in the Replay Protected Memory Block protocol impacts the products of several other major companies, including Google, Intel and MediaTek.
The RPMB feature is designed to protect devices against replay attacks by providing an authenticated and protected area for storing data that ensures each message is unique and cannot be replayed.
RPMB is often found in tablets and phones that use flash storage technology, such as NVMe, UFS and eMMC. Researchers at Western Digital discovered that the RPMB protocol fails to provide proper protection against replay attacks.
Western Digital determined that the underlying vulnerability, which it tracks as CVE-2020-13799, impacts the products of several other vendors as well, including Intel, Google and MediaTek.
Western Digital has published a whitepaper and a security bulletin as part of what it described as an "Industry-wide coordinated vulnerability disclosure process to promote security in embedded storage applications."
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-18 | CVE-2020-13799 | Authentication Bypass by Capture-replay vulnerability in multiple products Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. | 4.6 |