Flaws in self-encrypting SSDs let attackers bypass disk encryption

Brink

Brink

Administrator
Staff member
Local time
1:56 AM
Messages
74,846
Location
Oklahoma
Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

Such devices are also known as self-encrypting drives (SEDs) and have become popular in recent years after software-level full disk encryption was proven vulnerable to attacks where intruders would steal the encryption password from the computer's RAM.

But in a new academic paper published today, two Radboud researchers, Carlo Meijer and Bernard van Gastel, say they've identified vulnerabilities in the firmware of SEDs.

These vulnerabilities affect "ATA security" and "TCG Opal," two specifications for the implementation of hardware-based encryption on SEDs.

The two say that the SEDs they've analyzed, allowed users to set a password that decrypted their data, but also came with support for a so-called "master password" that was set by the SED vendor...
Click to expand...


Read more: Flaws in self-encrypting SSDs let attackers bypass disk encryption | ZDNet
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
Unreal. Never trust propitiatory encryption.
 

My Computer My Computer

Computer type
PC/Desktop
OS
Windows 7 Ultimate x64
I'm wondering when this was discovered? I use 2 Samsung EVO 850s, and a Crucial MX300.

The article states "Both SSD vendors whose products they've tested --Crucial (Micron) and Samsung-- have released firmware updates to address the reported flaws."

I don't recall either of them having firmware updates for the last few months. I think it's been at least 6 months since the EVOs had firmware updates.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Win 7 Ultimate, Win 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
CPU
Intel i5 4690K
Motherboard
Gigabyte Z97X-UD3H
Memory
Corsair Vengeance LP 32GB DDR3
Graphics Card(s)
MSI GTX 1060 GAMING X 6GB
Sound Card
Onboard
Hard Drives
Samsung 850 EVO 250GB SSD (x2)
Samsung 860 EVO 1TB SSD (x2)
Crucial MX300 525GB SSD
WD Blue 2TB 5400rpm Intellipark Disabled (x2)
PSU
Corsair HX750i
Case
Phanteks Enthoo Pro
Cooling
CM Hyper 212 EVO on CPU, Noctua Redux NF-P14S 1500rpm (x6)
Keyboard
Corsair K70 RGB LUX
Mouse
Corsair Sabre RGB
Antivirus
Avast Free, MalwareBytes, SAS & CryptoPrevent
Browser
Chrome
Other Info
StarTech PEXESAT322I 2 Port PCI-E SATA Card
ASUS PCE-AC56 Dual-band AC1300 Wireless Card
Akasa FC.Six Manual Fan Controller
And a Partridge in a Pear Tree!
You must log in or register to reply here.

Similar threads

My Review of Samsung 840 EVO SSD Full Drive Encryption.
Replies
5
Views
57K
up2trix
U
Back
Top