DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
October 21, 2019 
Main Menu
News archives

Who's Online
There are currently 129 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

SSDs with hardware encryption are easily hacked

Posted on Wednesday, November 07 2018 @ 15:23:52 CET by

Security researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands discovered that the hardware-based encryption found on many popular solid state disks can easily be bypassed.

For their paper (PDF), the researchers scrutinized three Crucial and four Samsung SSDs. The disks require a password for encryption and decryption, but this password can be reprogrammed via a debug port. The researchers conclude the disks fail to cryptographically tie to owner's password to the actual data encryption key (DEK). By reprogramming the SSD's firmware, the owner's password can be skipped, jumping straight to using the DEK.
A paper [PDF] drawn up by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, and made public today, describes these critical weaknesses. The bottom line is: the drives require a password to encrypt and decrypt their contents, however this password can be bypassed, allowing crooks and snoops to access ciphered data.

Basically, the cryptographic keys used to encrypt and decrypt the data are not derived from the owner's password, meaning, you can seize a drive and, via a debug port, reprogram it to accept any password. At that point, the SSD will use its stored keys to cipher and decipher its contents. Yes, it's that dumb.
If you need encryption, you're recommended to skip the built-in encryption and use software-based BitLocker or something like VeraCrypt.

Via: The Register



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba