Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Encryption Flaws in Popular Solid State Drives

November 6, 2018

Not all encryption is created equal, especially if there are bugs. The Hacker News has identified several models of solid state drives from Crucial and Samsung that could expose your data. Security researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands have discovered multiple critical vulnerabilities in some popular self-encrypting solid state drives (SSDs) that could allow an attacker to decrypt the disk and recover protected data without knowing the password for the disk. They successfully tested their attack against three Crucial SSD models (MX100, MX200, and MX300) and four Samsung SSDs (840 EVO, 850 EVO, T3 Portable, and T5 Portable) and found at least one critical flaw that breaks the encryption scheme.

Windows BitLocker won’t help you either if you have one of the affected drives. When a drive offers hardware encryption, BitLocker uses it in preference to its own software encryption. Basically, BitLocker trusts the hardware it is running on, which is not a good thing. You can force BitLocker to use software-based encryption by doing the following:

  • Open the Local Group Policy Editor by entering "gpedit.msc" in the Run dialog.
  • Head on to "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption."
  • Double-click the "Configure use of hardware-based encryption for fixed data drives" option in the right panel.
  • Select the "Disabled" option there and click "OK" to save the new setting.
  • Suspend the BitLocker protection once and re-enable it to put the changes into effect.
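
To confirm the setting took effect, the following PowerShell audit (an added example, not from the original post) reads the policy values and lists any BitLocker volume that still reports hardware encryption. The registry value names under the FVE policy key are given from knowledge of how Windows stores these policies, not from the post, and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit whether BitLocker is relying on a drive's built-in encryption.

# Assumption (not from the post): the "Configure use of hardware-based encryption"
# policies are stored as these DWORD values; 0 means the policy is set to Disabled.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$PolicyNames = [ordered]@{
    FDVHardwareEncryption = 'Fixed data drives'
    OSHardwareEncryption  = 'Operating system drives'
    RDVHardwareEncryption = 'Removable data drives'
}

function Get-HardwareEncryptionPolicy {
    # Returns one row per drive class with the state of its hardware-encryption policy.
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    foreach ($name in $PolicyNames.Keys) {
        $value = if ($props) { $props.$name } else { $null }
        $state = if ($null -eq $value) {
            'Not configured (Windows default applies)'
        } elseif ($value -eq 0) {
            'Disabled (software encryption forced)'
        } else {
            'Enabled (hardware encryption allowed)'
        }
        [pscustomobject]@{ Scope = $PolicyNames[$name]; RegistryValue = $name; State = $state }
    }
}

function Get-HardwareEncryptedVolume {
    # EncryptionMethod is an enum; compare its string form.
    Get-BitLockerVolume |
        Where-Object { [string]$_.EncryptionMethod -eq 'HardwareEncryption' } |
        Select-Object MountPoint, VolumeType, EncryptionMethod, ProtectionStatus
}

Get-HardwareEncryptionPolicy | Format-Table -AutoSize

$hw = @(Get-HardwareEncryptedVolume)
if ($hw.Count -gt 0) {
    Write-Warning "$($hw.Count) volume(s) still rely on the drive's own encryption:"
    $hw | Format-Table -AutoSize
} else {
    Write-Output 'No BitLocker volume reports hardware encryption.'
}
```

Run it from an elevated PowerShell prompt before and after the steps above; a volume that still appears in the warning list is protected only by the SSD's firmware.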

The good news is that Crucial has firmware updates available for the impacted models. Samsung has patches available for the T3 and T5, but it recommends installing encryption software for the EVO models.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com