Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Encryption Flaws in Popular Solid State Drives
November 6, 2018
Not all encryption is created equal, especially if there are bugs. The Hacker News has identified several models of solid state drives from Crucial and Samsung that could expose your data. Security researchers, Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected data without knowing the password for the disk. They successfully tested their attack against three Crucial models of SSDs—Crucial MX100, MX200, and MX300—and four Samsung SSDs—840 EVO, 850 EVO, T3 Portable, and T5 Portable drives and found at least one critical flaw that breaks the encryption scheme.
Windows BitLocker won’t help you either if you have one of the affected drives. BitLocker will use hardware encryption if available over its internal software encryption. Basically, BitLocker trusts the hardware it is running on, which is not a good thing. You can force BitLocker to use software-based encryption by doing the following:
- Open the Local Group Policy Editor by entering "gpedit.msc" in the Run dialog.
- Head on to "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption."
- Double-click the "Configure use of hardware-based encryption for fixed data drives" option in the right panel.
- Select the "Disabled" option there and click "OK" to save the new setting.
- Once suspend the BitLocker protection and re-enable it to make the changes in effect.
The good news is that Crucial has firmware updates available for the impacted models. Samsung has patches available for the T3 and T5, but it recommends installing encryption software for the EVO models.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com