System reset vs Data protection

MPW is almost a perfect portable device. In terms of data protection it has:

1. Two secure types of connection: Direct Connection and Public Wireless Network Connection.
2. Password protection of the connection.
3. Locking the Drive function (disabling USB connection).

However, all of them made null and void with one little operation: Manual System Reset. Push a couple of buttons and you get access to the disk! It’s nonsense, I suppose. What a sense in the Locking the Drive when System Reset exists?!

Is there some means to protect my data from leaking except storing MPW in a safe?

MihailK wrote:

What a sense in the Locking the Drive when System Reset exists?! 

Is there some means to protect my data from leaking except storing MPW in a safe?

What do you do with any USB drive you have?  The My Passport is no different…

TonyPh12345 wrote:

What do you do with any USB drive you have?  The My Passport is no different…

MPW is not a USB drive. Moreover, it provides USB locking. My question is not about “why it’s so”, but “how it could be fixed”.

That is a good point, but as Tony implied, as with any USB drive it is the physical security of the drive that actually protects your data.

The wireless security protects your data from someone connecting wirelessly without you knowing, and stealing your data. It is the most useful security.

I don’t even bother with a password on the Admin user ID, as I don’t think it adds much security, and is just another layer for me to get through each time I want to alter settings.

The Drive Locking functionality is not really a security meaure, as a reset can bypass it pretty quickly, as you say. It is more of a protection against accidently making a USB data connection to a PC, which would turn off the wireless connection you may be using. For example, if you needed to charge or power the MPW but only had PC USB ports to do so, and didn’t have the charger, locking the USB port on the MPW would mean it could charge but would not connect from a data perspective. Or at least I believe it would charge if you did that. I haven’t tested it.

The only way to protect your data if someone gets hold of any hard drive physically is to have strong hardware encription built into the drive. There are drives that support that functionality, but the MPW isn’t one of them.

You may be able to add the slightly less effective software encryption to the MPW if you are technically inclined, but then it would be a non-standard installation and you could end up losing all your data if something went wrong. You certainly couldn’t do any future firmware upgrades without lots of work.

So yes, keep the MPW with you, or keep it in a safe place, like a Safe.

Thank you, RoderickGI, it’s interesting.

As a matter of fact, MPW does not charge (and does not even get power supply) from PC USB. It prevents USB from damaging, I suppose, it’s too weak to charge such a battery.

So, System reset is the bottle neck of MPW security system. If I leave my place for a couple of minutes (e. g. for WC), someone can perform System reset and then copy my files through wi-fi even after my return untill I recognize something is wrong.

It’s a reason to provide me a way to disable manual system reset or to tune it. Am I right?

I have a couple of charging ports on my PC that can provide 2.1A or so. I think those would charge the MPW if the USB was locked. But I haven’t tested it. Maybe not though. When the MPW has a data connection to a PC, I do believe you are correct and it doesn’t get charged. It would be nice if it was at least powered by the PC while using a data connection though.

Yes, someone could reset your MPW if you were away from it for a few minutes. But if you were using it wirelessly you would notice pretty quickly that you could no longer connect to it. I’m pretty sure the wireless password is reset as well as the admin password.

The trouble with removing the manual reset is that if it was no longer possible to connect to the MPW, and it needed a reset, you couldn’t do it through software. To do a reset at least one of the two connection types would have to work, and the software running on it would have to respond to a soft reset.

There is no guarantee that would work. You may just “brick” your MPW and require a service call to fix it, or worse.

A standard 500mA USB 2.0 port will charge it. albeit slowly.

I plugged mine (which had a yellow battery status this morning) into my Dell E5420 laptop USB this morning, and then did a Safe Remove.

About 5 hours later, the LED is now BLUE, indicating a full charge.

I did my tests too. Connected MPW to a new Dell Inspiron 2350 through USB 3.0. Bingo: it reported charging. But in fact it is not being charged, just holding its charge (being powered, as RoderickGI said) which is good enough too. While it is being on, it can be keeping plugged into a socket for hours without any change of its charge level until you put it off. Control panel shows charging status but the led is not blinking and the percent is not changing.

Nevertheless, the topic is not about that. It has two aspects:

1. What can I do as a user to prevent unauthorized system reset except using a safe?
2. What should the manufacturer do to provide me such a feature?

I have written to the support. They offered me to correct the firmware myself if I can. It’s a chance, but I’d prefer to get the option in the standard control panel. Or at least to get known the exact point I should correct in the firmware.

I understand all the risks going from manual reset disabling. But such an approach exists: some devices in some cases get locked in such a way that their unlocking is only possible by technical support. It’s normal (and crucial) when we are speaking about data protection.

I’ll try to learn the firmware however. If I find a solution, I’ll report.

Thank you very much for your participation. If you have any more opinions and constructive propositions, you are welcome.

Do you know that resetting to defaults improperly can cause damage to your MPW (settng off two alternately flashing red LEDs) and hose your MPW so that you or no one else can use it unless one knows how to recover from the disaster?  I have written about this a few places on the forum.  Search and you will find my comments.  Meanwhile, just so YOU know the proper way to restore/reset, here are the steps (from WD):

Important – the MPW must be ON when you do the restore or you will cause major problems that are hard to recover from.  MPW can not be connected to a computer, and it needs to be fully charged.

System Restore (No UI):

*Do NOT have an SD card in the drive.

1. Power ON device. Wait till both lights are solid (Fully Booted)
2. Hold both buttons in for 10 seconds (or until the device reboots)
3. When it boots up it will be in a fresh state, with the exception of the drive. The drive is not touched with this restore.

RoderickGI wrote:

For example, if you needed to charge or power the MPW but only had PC USB ports to do so, and didn’t have the charger, locking the USB port on the MPW would mean it could charge but would not connect from a data perspective. Or at least I believe it would charge if you did that. I haven’t tested it. 

An interesting thing I discovered. When Locking the Drive is off (USB connection enabled) and MPW is plugged to PC through USB, after some period of idle (few minutes without reading/writing) it begins to charge, and efficiently! The LED starts blinking and then changes its color.

There you go.

A standard USB port (500mA) wouldn’t be able to supply enough power to both spin the drive and charge the battery.

It sounds like, in recognising this, WD has programed the MPW to only charge when the drive is idle and the disk has spun down. Logical really.

MihailK wrote:

If I find a solution, I’ll report.

I did.

Unfortunately, I’d never used Linux before (although I’m not a novice in programming), so I killed about a week looking for a path. But I found.

There are different ways to reach the goal. The several days I wasted were spent in trying to tune various Linux versions to work with Buildroot, being used in the firmware source code. The way was vain and absolutely needless. The quickest one is ssh access to MPW and direct editing of relevant files.

As I had installed Linux on an old laptop while seeking a solution, I was doing all the further actions from Linux. Given the Linux core of MPW, it seemed to be the most reasonable, safe and comfortable approach.

If you know nothing about operating systems, programming, scripts and so on, avoid doing things given under the spoiler below. I am not liable for any consequences for you. I am writing about something working with my device and I cannot guarantee it will work with yours.

By the way, my firmware version is 1.03.13.

So, if you know what you are doing, I shouldn’t explain how to get an access through ssh. When you have it got, you see all the file system of MPW.

Pay your attention to the following files:

1. /sbin/Button_factoryRestore.sh — a script executed when both buttons are being held pressed for 10 seconds.
2. /sbin/factoryRestore.sh — a script called from the previous script. Rewrites system files from an archive containing defaults and unlocks the USB port of the disk (locked or not). Take into account that this script runs both through button reset and through soft reset.
3. /etc/default/factory.conf — the archive containing defaults. It's in TAR format. If you want to see or to edit its files, just rename 'factory.conf' to 'factory.conf.tar' and open it in appropriate archiver.
4. /etc/saveconfigfiles.txt — a list of files updated from the archive.
5. /etc/init.d/S49factory-restore — a command file creating the archive (/etc/default/factory.conf) from the current file system according to the list (/etc/saveconfigfiles.txt) if such an archive has not existed yet. Obviously, it's a procedure for the factory.
6. /etc/nas/config/wifinetwork-param.conf — a file storing current wi-fi settings of MPW and the external net it is being connected to.
7. /etc/nas/service_startup/ssh — a file storing current ssh setting (enabled or disabled).

I suppose, the information above is sufficient to select a solution. You can erase the content of the file (1) and it's more than enough: button reset will be off (I did not try!). You can also edit files in the 'factory.conf' archive directly. Or you can tune the system to follow your own desires more exquisitely.

As for me, I managed to tune this mechanism in such a way that button reset restores my own defaults (SSID, encryption type, encryption key, Drive Lock and some more options including remembered external wi-fi network settings) whereas soft reset works according to the manufacturer’s intentions. If you’d like to know details, don’t hesitate to ask. It’s not too hard although it would be much better if we got a handy interface from the firmware to do it.

I posted the request in the ideas section and hope WD won’t miss the opportunity to make such a solid device to be really perfect.

If you have any ideas to share, you are welcome. I guess, it could be useful to open a special topic for all issues and solutions (like a FAQ). The message is my 5 farthings for it.