Researchers from Radboud University in the Netherlands have published a paper revealing weaknesses in the encryption of solid state drives (SSDs). According to their findings, they were able to fully retrieve data from encrypted SSDs without passwords or keys - effectively they were able to totally bypass the protection entirely. Even more concerning is the fact that this weakness is a widespread problem which affects drives from well-respected brands such as Samsung and Crucial.
The paper focuses on a situation where the attacker has physical access to the encrypted SSD but does not have the password or key for decryption. As an example, the researchers describe here how they were able to access data on an encrypted Crucial MX100 drive:
"We connect a JTAG debugging device to the pins depicted in Figure 1. Subsequently, we use it to modify the password validation routine in RAM so that it always validates successfully, regardless of the input password. Finally, we unlock the drive as normal, with an arbitrary password. The strategy is the same for both ATA security and TCG Opal."
The same methodology was found to be effective on MX200 drives too. None of the drives tested were able to implement the TCG Opal standard of encryption.
An additional issue relates to Microsoft BitLocker; the software is coded to automatically rely on the hardware encryption of any installed SSD.
The paper concludes, "a pattern of critical issues across vendors indicates that the issues are not incidental but structural, and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved."
The security flaw was reported to the relevant manufacturers and also to the National Cyber Security Centre in Holland earlier this year. Both Crucial and Samsung have confirmed the vulnerabilities, and firmware updates have either been released or are under development.
You can download a pdf of the paper here: Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)
The paper focuses on a situation where the attacker has physical access to the encrypted SSD but does not have the password or key for decryption. As an example, the researchers describe here how they were able to access data on an encrypted Crucial MX100 drive:
"We connect a JTAG debugging device to the pins depicted in Figure 1. Subsequently, we use it to modify the password validation routine in RAM so that it always validates successfully, regardless of the input password. Finally, we unlock the drive as normal, with an arbitrary password. The strategy is the same for both ATA security and TCG Opal."
The same methodology was found to be effective on MX200 drives too. None of the drives tested were able to implement the TCG Opal standard of encryption.
An additional issue relates to Microsoft BitLocker; the software is coded to automatically rely on the hardware encryption of any installed SSD.
Tweet
— Twitter API (@user) date
The paper concludes, "a pattern of critical issues across vendors indicates that the issues are not incidental but structural, and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved."
The security flaw was reported to the relevant manufacturers and also to the National Cyber Security Centre in Holland earlier this year. Both Crucial and Samsung have confirmed the vulnerabilities, and firmware updates have either been released or are under development.
You can download a pdf of the paper here: Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)
