PSA: Encrypted disks are not safe by default anymore
-
- New here
- Posts: 6
- Joined: Mon Nov 08, 2021 11:27 pm
PSA: Encrypted disks are not safe by default anymore
After you upgrade your NAS to QTS 4.5.4 or greater, an admin account reset functionality will be added.
With this functionality, an adversary can just press your NAS reset button and gain admin access to the operating system -- meaning also any encrypted data that is in use.
QNAP support has confirmed to me, that when using this password reset function, encrypted disks will not be locked. Thus anyone can access any encrypted data on your NAS if it's powered on and disks unlocked.
Considering the main reason for encrypting disks is to prevent data leaking from them if the NAS is physically accessed, you probably want to disable this feature.
You can disable it from control panel: https://i.imgur.com/DAwEdZ0.png
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: PSA: Encrypted disks are not safe by default anymore
Never disable the reset button..(people need it all the time when they lock themselves out or config goes haywire)
Oh and Mr. secret secret with adversaries with physical NAS access:
Why would you save your encryption password on your NAS to decrypt on bootup? So no need to post useless and dangerous "tips" like that
-
- New here
- Posts: 6
- Joined: Mon Nov 08, 2021 11:27 pm
Re: PSA: Encrypted disks are not safe by default anymore
It doesn't matter whether you save it or not. This issue affects you even if password is not saved onto the NAS.
Considering the only use of disk encryption is preventing physical access from gaining access to data...
Never disable the reset button essentially means never enable disk encryption either. As they're mutually exclusive in new firmware.
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: PSA: Encrypted disks are not safe by default anymore
So if a criminal steals your NAS sets it up and resets the admin password .. how are the disks accessible ? The attacker does not know the unlock password for the disks
-
- New here
- Posts: 6
- Joined: Mon Nov 08, 2021 11:27 pm
Re: PSA: Encrypted disks are not safe by default anymore
The criminal presses your reset button, logs in and copies your data. He doesn't have to shut down the NAS first.
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: PSA: Encrypted disks are not safe by default anymore
No, if the password is not saved on the NAS, the disks will be locked (unless the password is saved on the NAS)
So what you are saying is that LUKS password/phrases are now stored for auto-unlock on boot no matter what option the user chooses ?
Last edited by dolbyman on Tue Nov 09, 2021 12:37 am, edited 1 time in total.
-
- New here
- Posts: 6
- Joined: Mon Nov 08, 2021 11:27 pm
Re: PSA: Encrypted disks are not safe by default anymore
If your NAS is on, the criminal can just log in and copy data. Sure, if the encrypted volume is kept offline and unreachable the criminal cannot reach it either.
So if you can reach the data, so can a criminal. You cannot keep encrypted disks online without a possible criminal having access to them also.
Saving password / autounlock or not: doesn't matter.
- dolbyman
- Guru
- Posts: 34903
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: PSA: Encrypted disks are not safe by default anymore
So we are talking about the very unlikely case that your NAS is stolen but the power is NOT cut in the process
Anyways, did QNAP say when a NAS reboot would be part again of the 3 second reset process ? .. You did open a ticket .. right ?
-
- New here
- Posts: 6
- Joined: Mon Nov 08, 2021 11:27 pm
Re: PSA: Encrypted disks are not safe by default anymore
It's not at all unlikely. For example forensic teams always take computers with the power on to attack it. Or your cleaner/landlord/whoever could just dump all your data from your NAS with a press of a button.
Imagine if your mobile phone had a button to bypass the lock screen.
Yes, I opened a ticket and they said that nothing else is affected except the settings mentioned here: https://www.qnap.com/en/how-to/knowledg ... -explained eg. disks are not locked / no reboot
EDIT: though there's of course always the possibility that the support was wrong. Is anyone willing to test the reset on their NAS and tell us if it reboots the device?
- OneCD
- Guru
- Posts: 12010
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: PSA: Encrypted disks are not safe by default anymore
This is your PSA. I'm surprised you didn't check this already.
-
- New here
- Posts: 6
- Joined: Mon Nov 08, 2021 11:27 pm
Re: PSA: Encrypted disks are not safe by default anymore
True, I made a support ticket with this very question though and QNAP answered me that only the settings are changed when the password is reset. Didn't consider trying it with my production NAS as I trusted support.
-
- New here
- Posts: 2
- Joined: Sun Jan 16, 2022 10:38 pm
Re: PSA: Encrypted disks are not safe by default anymore
So, what's the final conclusion? That QNAP NAS stores your password on the device, no matter what you do? I find that hard to believe.
-
- Guru
- Posts: 13183
- Joined: Sat Dec 29, 2007 1:39 am
- Location: Stockholm, Sweden (UTC+01:00)
Re: PSA: Encrypted disks are not safe by default anymore
What do you mean has changed with QTS 4.5.4?
Reset buttons have existed on Qnaps since forever. Or at least since 2007 when I bought my first, a TS-209 Pro. Reset buttons have always reset the admin password unless the button was disabled in software, which has always been a bad idea that has caused users who disabled it many problems. The default for the reset button setting in QTS has always been that it was enabled.
Yes, unlocked volume and shared folder encryption only protect systems after a reboot (or when they have been manually locked). If the administrator saves the encryption password in the system, not even that. This is well known and I have never seen anybody claim anything else. It's probably because this is so well known that people misunderstood what you're "warning" about here.
With physical access to the NAS there are other ways to break in to it even if you have disabled the reset button. If you need protection against that, you instead need to start working on securing physical access to the building where you keep the NAS.
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!
A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.
All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!
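The point made in the post above, that an encrypted volume only protects data while it is locked, can be checked on a running system. The following is an added example, not part of the thread and not QNAP code: it assumes a standard Linux sysfs layout and the `CRYPT-` UUID prefix that cryptsetup gives dm-crypt mappings; whether a given QTS build exposes these paths is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Report dm-crypt volumes that are unlocked right now, i.e. whose key is
# loaded in the kernel and whose plaintext is readable by anyone who can
# log in to the running system.
# Assumption: standard Linux sysfs (/sys/block/dm-N/dm/{uuid,name}).

# list_unlocked_crypt [sysfs_root]
# Prints one line per active mapping: "<dm device> <mapping name> <format>"
list_unlocked_crypt() {
    sysroot="${1:-/sys}"
    for d in "$sysroot"/block/dm-*; do
        # Skip when the glob matched nothing or the node is not a dm device
        [ -r "$d/dm/uuid" ] || continue
        uuid=$(cat "$d/dm/uuid")
        case "$uuid" in
            CRYPT-*)
                name=$(cat "$d/dm/name" 2>/dev/null)
                # UUID looks like CRYPT-<format>-<id>-<name>; keep <format>
                fmt=${uuid#CRYPT-}
                fmt=${fmt%%-*}
                printf '%s %s %s\n' "${d##*/}" "$name" "$fmt"
                ;;
        esac
    done
}

# count_unlocked_crypt [sysfs_root]
# Prints the number of currently unlocked mappings.
count_unlocked_crypt() {
    list_unlocked_crypt "$1" | wc -l | tr -d ' '
}

# report_unlocked [sysfs_root]
# Human-readable summary; always returns 0 so it is safe in cron jobs.
report_unlocked() {
    n=$(count_unlocked_crypt "$1")
    if [ "$n" -gt 0 ]; then
        echo "WARNING: $n encrypted volume(s) unlocked; data is exposed to any logged-in admin:"
        list_unlocked_crypt "$1"
    else
        echo "No unlocked dm-crypt volumes found."
    fi
    return 0
}

report_unlocked /sys
```

A mapping that appears in this list stays readable until it is locked or the system loses power, regardless of whether the passphrase was saved for auto-unlock.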