PSA: Encrypted disks are not safe by default anymore

tssge
New here
Posts: 6
Joined: Mon Nov 08, 2021 11:27 pm

PSA: Encrypted disks are not safe by default anymore

Post by tssge »

After you upgrade your NAS to QTS 4.5.4 or greater, an admin account reset functionality will be added.

With this functionality, an adversary can just press your NAS reset button and gain admin access to the operating system -- meaning also any encrypted data that is in use.

QNAP support has confirmed to me, that when using this password reset function, encrypted disks will not be locked. Thus anyone can access any encrypted data on your NAS if it's powered on and disks unlocked.

Considering the main reason for encrypting disks is to prevent data leaking from them if the NAS is physically accessed, you probably want to disable this feature.

You can disable it from control panel: https://i.imgur.com/DAwEdZ0.png
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: PSA: Encrypted disks are not safe by default anymore

Post by dolbyman »

Never disable the reset button..(people need it all the time when they lock themselves out or config goes haywire)

Oh and Mr. secret secret with adversaries with physical NAS access:
Why would you save your encryption password on your NAS to decrypt on bootup? So no need to post useless and dangerous "tips" like that
tssge
New here
Posts: 6
Joined: Mon Nov 08, 2021 11:27 pm

Re: PSA: Encrypted disks are not safe by default anymore

Post by tssge »

dolbyman wrote: Mon Nov 08, 2021 11:55 pm Why would you save your encryption password on your NAS to decrypt on bootup? So no need to post useless and dangerous "tips" like that
It doesn't matter whether you save it or not. This issue affects you even if password is not saved onto the NAS.

Considering the only use of disk encryption is preventing physical access from gaining access to data...

Never disable the reset button essentially means never enable disk encryption either. As they're mutually exclusive in new firmware.
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: PSA: Encrypted disks are not safe by default anymore

Post by dolbyman »

So if a criminal steals your NAS sets it up and resets the admin password .. how are the disks accessible ? The attacker does not know the unlock password for the disks
tssge
New here
Posts: 6
Joined: Mon Nov 08, 2021 11:27 pm

Re: PSA: Encrypted disks are not safe by default anymore

Post by tssge »

dolbyman wrote: Tue Nov 09, 2021 12:24 am So if a criminal steals your NAS sets it up and resets the admin password .. how are the disks accessible ? The attacker does not know the unlock password for the disks
The criminal presses your reset button, logs in and copies your data. He doesn't have to shut down the NAS first.
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: PSA: Encrypted disks are not safe by default anymore

Post by dolbyman »

No, if the password is not saved on the NAS, the disks will be locked (unless the password is saved on the NAS)

So what you are saying is that LUKS password/phrases are now stored for auto-unlock on boot no matter what option the user chooses ?
Last edited by dolbyman on Tue Nov 09, 2021 12:37 am, edited 1 time in total.
tssge
New here
Posts: 6
Joined: Mon Nov 08, 2021 11:27 pm

Re: PSA: Encrypted disks are not safe by default anymore

Post by tssge »

dolbyman wrote: Tue Nov 09, 2021 12:31 am No, if the password is not saved on the NAS, the disks will be locked (unless the password is saved on the NAS)

So what you are saying is that LUKS password/phrases are now stored for autounlock no matter what option the user chooses ?
If your NAS is on, the criminal can just log in and copy data. Sure, if the encrypted volume is kept offline and unreachable the criminal cannot reach it either.

So if you can reach the data, so can a criminal. You cannot keep encrypted disks online without a possible criminal having access to them also.

Saving password / autounlock or not: doesn't matter.
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: PSA: Encrypted disks are not safe by default anymore

Post by dolbyman »

So we are talking about the very unlikely case that your NAS is stolen but the power is NOT cut in the process

Anyways, did QNAP say when a NAS reboot would be part again of the 3 second reset process ? .. You did open a ticket .. right ?
tssge
New here
Posts: 6
Joined: Mon Nov 08, 2021 11:27 pm

Re: PSA: Encrypted disks are not safe by default anymore

Post by tssge »

dolbyman wrote: Tue Nov 09, 2021 12:43 am So we are talking about the very unlikely case that your NAS is stolen but the power is NOT cut in the process
It's not at all unlikely. For example, forensic teams always take computers with the power on to attack them. Or your cleaner/landlord/whoever could just dump all your data from your NAS with a press of a button.

Imagine if your mobile phone had a button to bypass the lock screen.
dolbyman wrote: Tue Nov 09, 2021 12:43 am Anyways, did QNAP say when a NAS reboot would be part again of the 3 second reset process ? .. You did open a ticket .. right ?
Yes, I opened a ticket and they said that nothing else is affected except the settings mentioned here: https://www.qnap.com/en/how-to/knowledg ... -explained eg. disks are not locked / no reboot

EDIT: though there's of course always the possibility that the support was wrong. Is anyone willing to test the reset on their NAS and tell us if it reboots the device?
OneCD
Guru
Posts: 12010
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: PSA: Encrypted disks are not safe by default anymore

Post by OneCD »

tssge wrote: Tue Nov 09, 2021 2:41 am Is anyone willing to test the reset on their NAS and tell us if it reboots the device?
This is your PSA. I'm surprised you didn't check this already. :'

tssge
New here
Posts: 6
Joined: Mon Nov 08, 2021 11:27 pm

Re: PSA: Encrypted disks are not safe by default anymore

Post by tssge »

OneCD wrote: Tue Nov 09, 2021 4:55 am
tssge wrote: Tue Nov 09, 2021 2:41 am Is anyone willing to test the reset on their NAS and tell us if it reboots the device?
This is your PSA. I'm surprised you didn't check this already. :'
True, I made a support ticket with this very question though and QNAP answered me that only the settings are changed when the password is reset. Didn't consider trying it with my production NAS as I trusted support.
Laddmeister
New here
Posts: 2
Joined: Sun Jan 16, 2022 10:38 pm

Re: PSA: Encrypted disks are not safe by default anymore

Post by Laddmeister »

So, what's the final conclusion? That QNAP NAS stores your password on the device, no matter what you do? I find that hard to believe.
P3R
Guru
Posts: 13183
Joined: Sat Dec 29, 2007 1:39 am
Location: Stockholm, Sweden (UTC+01:00)

Re: PSA: Encrypted disks are not safe by default anymore

Post by P3R »

tssge wrote: Mon Nov 08, 2021 11:29 pm After you upgrade your NAS to QTS 4.5.4 or greater, an admin account reset functionality will be added.
What do you mean has changed with QTS 4.5.4? :'

Reset buttons have existed on Qnaps since forever. Or at least since 2007 when I bought my first, a TS-209 Pro. Reset buttons have always reset the admin password unless the button was disabled in software, which has always been a bad idea that has caused users that disabled it many problems. The default for the reset button setting in QTS has always been that it was enabled.

Yes, unlocked volume and shared folder encryption only protect systems after a reboot (or when they have been manually locked). If the administrator saves the encryption password in the system, not even that. This is well known and I have never seen anybody claim anything else. It's probably because this is so well known that people misunderstood what you're "warning" about here.

With physical access to the NAS there are other ways to break into it even if you have disabled the reset button. If you need protection against that, you instead need to start working on securing physical access to the building where you keep the NAS.
RAID has never ever been a replacement for backups. Without backups on a different system (preferably placed at another site), you will eventually lose data!

A non-RAID configuration (including RAID 0, which isn't really RAID) with a backup on a separate media protects your data far better than any RAID-volume without backup.

All data storage consists of both the primary storage and the backups. It's your money and your data, spend the storage budget wisely or pay with your data!