Flaws in self-encrypting SSDs let attackers bypass the disk encryption feature and access local data without knowing the user-chosen password, which is a threat to data security. Researchers discovered this recently. Here, let's see how hackers bypass disk encryption and what users should do.
Critical Encryption Bypass Flaws in Some Popular SSDs
Recently, researchers at Radboud University in the Netherlands tested several popular SSDs and exposed critical vulnerabilities in SSD encryption that allow attackers to bypass disk encryption and access local data without a user password.
SED Vulnerabilities
This security flaw only affects SSDs with hardware-based encryption. Such devices are known as self-encrypting drives (SEDs) and are popular now.
Researchers Carlo Meijer and Bernard van Gastel say in a new academic paper that they have identified vulnerabilities in the firmware of SEDs. These flaws in self-encrypting SSDs impact TCG Opal and ATA security, two specifications used to implement hardware-based encryption on SEDs.
According to the research, SEDs allow users to set a password to decrypt their data but also support a so-called master password set by SED makers.
This lets attackers who have access to an SED’s manual use the master password to access the user’s encrypted password. However strong the victim’s password is, they can bypass the disk encryption.
The only thing users can do is change the master password or configure the SED's Master Password Capability setting to the maximum.
Additionally, the researchers discovered another flaw. The user password and the actual disk encryption key (DEK) are not cryptographically linked because of improper implementations of the TCG Opal and ATA security specifications.
The absence of this link is disastrous, since it lets attackers acquire the disk encryption key stored in the SED’s chip and use it to decrypt local data without the actual user password.
In fact, a critical security weakness exists in many drives, since all the information required for complete data recovery is saved on the drive and can be retrieved without knowledge of any password.
Some SSDs with Hardware-based Encryption Are Affected Due to Windows BitLocker
Reportedly, several SSDs from Samsung and Crucial are affected by these flaws. Here is the list of products that have been confirmed:
- Crucial (Micron) MX100, MX200, and MX300 SSD
- Samsung 840 EVO and 850 EVO SSD
- Samsung T3 and T5 Portable SSD
In a new paper titled “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)”, researchers explain how they modify the firmware or use a debugging interface to change the password validation routine in solid state drives so as to decrypt data without a password.
In fact, the problems reported are much deeper than researchers initially realized, especially for Windows users. This is because of the default behavior of Windows BitLocker.
Most modern operating systems, like Linux and macOS, provide software encryption that lets users perform whole-disk encryption. But Windows BitLocker uses hardware encryption when it is available, and as a result it falls prey to the SSD flaw.
According to the researchers, when Windows detects an SSD with hardware encryption, BitLocker will by default encrypt the disk at the hardware level.
What Should Windows Users Do
For Windows users, there is a piece of good news: BitLocker’s encryption can be forced to work at the software level. Users can do this via Windows Group Policy by going to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Configure use of hardware-based encryption for operating system drives.
When switching the encryption mode on a drive, first decrypt the drive and then re-enable BitLocker so that it uses software encryption.