CATEGORIES
home News

Researchers Discover A Way to Bypass Hardware-Based SSD Full Disk Encryption

by Shane McGlaunMonday, November 05, 2018, 04:23 PM EDT

Researchers from Radboud University in the Netherlands have announced a flaw that affects some SSDs that feature hardware-based security; the flaw could allow an attacker to completely bypass disk encryption. Bypassing the encryption would give the hackers full access to the local data without having to know the password for the disk. The researchers are clear that the flaw only affects certain SSD models that have hardware-based encryption.

data security

SSDs with hardware-based encryption have specific chips inside that handle the task of encrypting and decrypting data. The vulnerabilities that researchers Carlo Meijer and Bernard van Gastel found are in the firmware of the SSDs. The duo says that the vulnerabilities they have discovered affect "ATA security" and "TCG Opal", which are two specifications for implementing encryption on SSDs that use hardware-based encryption. During the investigation, the researchers discovered that not only do the SSDs they analyzed allow the user to set a password to decrypt the data, but they also come with a so-called master password that was established by the SSD vendor. Like most router admin passwords, these passwords are located in the SSD's user manual allowing anyone who reads the manual to access the data.

Some drives the researchers looked at had improper implementations of ATA security and TCG Opal specifications. These faulty implementations meant that the user-chosen password and the disk encryption key weren't cryptographically linked. The researchers wrote, "Absence of this [cryptographically linking] property is catastrophic. Indeed, the protection of the user data then no longer depends on secrets. All the information required to recover the user data is stored on the drive itself and can be retrieved."

The duo admits that they have only tested a limited number of SSDs at this time, but that the flaws found worked on each of the drives. The drives that were tested in the research project include the Crucial MX100, Crucial MX200, Crucial MX300, Samsung 840 Evo, Samsung 850 Evo, Samsung T3, and Samsung T5.

Unfortunately for Windows users, they are more vulnerable than other OS users because Windows BitLocker defers to the hardware-based encryption of the SSD, leaving the data unencrypted at the software level. With the vulnerabilities widespread among devices, the researchers have suggested that the TCG working group publish a reference implementation of Opal to aid developers and prevent this sort of issue in the future.

Tags:  SSD, Encryption, security, Research
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment