Flaws in self-encrypting SSDs let attackers bypass disk encryption

    Flaws in self-encrypting SSDs let attackers bypass disk encryption

    Flaws in self-encrypting SSDs let attackers bypass disk encryption

    Posted: 05 Nov 2018

    Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

    The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

    Such devices are also known as self-encrypting drives (SEDs) and have become popular in recent years after software-level full disk encryption was proven vulnerable to attacks where intruders would steal the encryption password from the computer's RAM.

    But in a new academic paper published today, two Radboud researchers, Carlo Meijer and Bernard van Gastel, say they've identified vulnerabilities in the firmware of SEDs.

    These vulnerabilities affect "ATA security" and "TCG Opal," two specifications for the implementation of hardware-based encryption on SEDs.

    The two say that the SEDs they've analyzed, allowed users to set a password that decrypted their data, but also came with support for a so-called "master password" that was set by the SED vendor...

    Read more: Flaws in self-encrypting SSDs let attackers bypass disk encryption | ZDNet
    Brink's Avatar Posted By: Brink
    05 Nov 2018

  1. Posts : 1,191
    Windows 11 Pro x64

    Well a master password for the vendor is pretty damned flawed.
      My Computers

  2. Posts : 750
    Windows 10 Pro 64-bits

    So, that's how Self Encrypted Drives work...

    The SED gets a randomly generated disk encryption key at the factory and and encrypt all the data stored on it, even in case when the drive is not password protected. The SED also has a special admin account with master password, that has access to all of the data on the drive and controls access to the disk encryption key. Once the end user sets the password for the SED, it is not used for encrypting the drive. The user password is used by the special admin account to allow access to the drive. This is probably due to minimizing the performance impact of managing multiple device encryption keys and encryption over encryption.

    Like most software based encryption solutions, Bitlocker by default relies on the encryption by the SED, if the drive supports it. As such, the SSD SED vulnerability applies to Bitlocker's default encryption. This can be changed by disabling SED based encryption in the group policy, but doing so only effects new and not existing Bitlocker default encryption.

    That's the "good news". The bad news is even worse, quote from the Brink referenced PDF:

    Furthermore, we found that a vendor-specific command allow for arbitrary modifications within the address space. This enables malware with remote access to the host PC to infect the drive’s firmware, allowing it to hide itself and/or to survive re-installation of the host PC’s OS.
    Say what?!?! That's just peachy... It's not enough that the master key can access the allegedly secured/encrypted data, now even malware can be hidden on the SSD SED and presumably access encrypted data, regardless, if the encryption is utilized by the end user. That's just peachy, I tell ya...
      My Computer


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 14:39.
Find Us

Windows 10 Forums