Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data [source: thehackernews]
by CIRT Team
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully.
Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected data without knowing the password for the disk.
The researchers—Carlo Meijer and Bernard van Gastel—at Radboud University in the Netherlands reverse engineered the firmware several SSDs that offer hardware full-disk encryption to identify several issues and detailed their findings in a new paper (PDF) published Monday.
“The analysis uncovers a pattern of critical issues across vendors. For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys,” the researchers say.
The duo successfully tested their attack against three Crucial models of SSDs—Crucial MX100, MX200, and MX300—and four Samsung SSDs—840 EVO, 850 EVO, T3 Portable, and T5 Portable drives and found at least one critical flaw that breaks the encryption scheme. But researchers warned that many other SSDs may also be at risk.
The vulnerabilities explained below reside due to improper implementations of ATA security and TCG Opal, two specifications for implementing encryption on SSDs that use hardware-based encryption.
Password and Data Encryption Key Are Not Linked
According to the researchers, Crucial MX100, MX200, Samsung 850 EVO, and T3 Portable SSDs have critical security issues in both the ATA security and TCG Opal implementation.
For more, click here.