DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 14, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 160 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

SSDs with hardware encryption are easily hacked

Posted on Wednesday, November 07 2018 @ 15:23:52 CET by


Security researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands discovered that the hardware-based encryption found on many popular solid state disks can easily be bypassed.

For their paper (PDF), the researchers scrutinized three Crucial and four Samsung SSDs. The disks require a password for encryption and decryption, but this password can be reprogrammed via a debug port. The researchers conclude the disks fail to cryptographically tie to owner's password to the actual data encryption key (DEK). By reprogramming the SSD's firmware, the owner's password can be skipped, jumping straight to using the DEK.
A paper [PDF] drawn up by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, and made public today, describes these critical weaknesses. The bottom line is: the drives require a password to encrypt and decrypt their contents, however this password can be bypassed, allowing crooks and snoops to access ciphered data.

Basically, the cryptographic keys used to encrypt and decrypt the data are not derived from the owner's password, meaning, you can seize a drive and, via a debug port, reprogram it to accept any password. At that point, the SSD will use its stored keys to cipher and decipher its contents. Yes, it's that dumb.
If you need encryption, you're recommended to skip the built-in encryption and use software-based BitLocker or something like VeraCrypt.

Via: The Register



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba