nir Posted November 5, 2018

Researchers from the Netherlands' Radboud University have published a paper detailing how hardware encryption systems built into popular solid-state drives (SSDs) can be bypassed to recover supposedly-protected data - and how that renders Microsoft's BitLocker encryption moot on affected systems.

It's common to see solid-state storage devices boasting hardware encryption, typically based around the Advanced Encryption Standard (AES). Using such devices, the manufacturers promise, data is transparently and invisibly encrypted as it is written, without the loss of performance traditionally associated with software-based encryption. If the drive is taken out of the host system, the data is entirely inaccessible - or, at least, it's supposed to be inaccessible.

A research paper from Carlo Meijer and Bernard van Gastel, published in draft today, suggests otherwise: The pair detail numerous methods for obtaining access to supposedly-protected data on a range of popular SSD devices, with most failing to protect their contents and providing complete and unrestricted access.

'In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations,' the researchers explain in the paper's abstract. 'In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.'

The team's research looked at seven SSD device families in total: the Crucial MX100, MX200, and MX300 in all available form factors; the Samsung 840 EVO and 850 EVO in SATA variants; and the Samsung T3 and T5 USB SSDs.
Compromises allowing for full access to the encrypted data without the need to know the secret key supposedly protecting the contents were found on all Crucial and both Samsung USB drive models; only the Samsung 840 EVO and 850 EVO escaped complete compromise, with the researchers noting that bypass of the cryptographic protections was only available in selected scenarios.

'For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys. A pattern of critical issues across vendors indicates that the issues are not incidental but structural,' the researchers argue while naming the TCG Opal standard as being extremely hard to implement correctly, 'and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved.'

For those looking to secure their data, the researchers warn that software-based encryption systems may not offer complete protection: While arguing that the inclusion of AES-accelerating instructions in modern processors means that speed is no longer an issue in switching between software and hardware encryption, the pair found that some supposedly software-based systems default to using hardware encryption when available anyway - including Microsoft's BitLocker encryption facility, built into its Windows operating system - leaving them exposed to the same attacks.

The paper, 'Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs),' is available in draft form now (PDF warning).

Source

steven36 Posted November 5, 2018

When a password of “” can open up your encrypted drive

Many companies now use full disk encryption for their computers, especially for laptops on the move. So while the usage of TrueCrypt has faded, especially when its open source developers gave up maintaining the code, it has been up to Microsoft BitLocker to take over and become the tool of choice for encrypting disk drives. But is it actually robust? Well, not if you read this paper [link]:

I cannot even start to explain how bad this discovery is for the industry, and a complete embarrassment for the vendors involved. The lack of integration between vendors seems almost negligent in the extreme.

The paper outlines that some SSD drives (including Samsung and Crucial) do not actually encrypt the data properly, and that they can be easily bypassed without a system password. The manufacturers of the drives have been informed through ethical disclosure (in April 2018), and users are being asked to rely on software encryption rather than the embedded hardware encryption. A particular risk is Windows BitLocker — which has a virtual monopoly in the market place for complete disk encryption — as it often relies on the hardware encryption used in the SSD drives.

The affected disks include:
Crucial (Micron) MX100, MX200 and MX300 internal hard disks.
Samsung T3 and T5 USB external disks.
Samsung 840 EVO and 850 EVO internal hard disks.

The research team did not run tests across all the available SSD disks, but found that the following disks could be compromised with a range of attacks:

The researchers investigated the MASTER PASSWORD CAPABILITY bit in the firmware and which can be set so that a factory-set Master password can unlock the drive. For the Samsung MX300 SSD it was found there was no need to set this bit as it could be reset by decrypting the RDS key. The master password thus protects the main encryption key used for the disk.
In the case of the MX300 drive this is “” (an empty string!!!!!!!!!!!!!). Yes … you read that correctly … the password which releases the encryption key for the whole disk is an empty string (32 NULL characters — 32 0x00 byte values):

Within disk encryption, a system can either use software encryption (and where the data is encrypted before it is presented to the disk) or use hardware encryption (and where the operating system relies on the disk hardware to encrypt and decrypt). The setting for software or hardware encryption is defined in a Group Policy [here]. If the disk supports hardware encryption it will use that option. For the disks affected, a complete reinstall is required, and where the group policy is changed to software encryption. Otherwise a software encryption package named VeraCrypt is recommended as an alternative to BitLocker.

Conclusions

If you need to have full disk encryption, and you have an SSD drive, you just cannot trust hardware encryption. At least with software encryption the data is encrypted before it gets anywhere near your disk. A master password of “” (an empty string — or 32 NULL characters) is shocking, and negligence of the highest kind.

The researchers recommend using an open sourced (and auditable) software encryption method such as VeraCrypt, along with hardware encryption. VeraCrypt is based on the well-loved TrueCrypt open-sourced software distribution: https://github.com/veracrypt/VeraCrypt

Source

I tried to tell people on here years ago that BitLocker was weakened by Microsoft for the government and to use open source, and a member here argued with me because they got offended because they used it. You can't trust nothing really, but at least if they try and backdoor open source they can fork it and remove the backdoor.

vibranium Posted November 6, 2018

Still no firmware updates from Samsung. Crucial issues firmware patches for MX100, MX200 but not MX300. They had 6 months to make patches. These days you just can't trust big companies with everything.

nir Posted November 7, 2018

SSD Encryption Bug Makes Microsoft’s BitLocker Useless (Updated)

Researchers find way to get around SSD hardware encryption

UPDATE: Here are the instructions on how to temporarily resolve the bug in Windows 10 by switching from hardware encryption to software encryption in BitLocker. Original story below.

A major security vulnerability in the hardware encryption system of several Solid State Drives (SSDs) leads to additional problems for Windows users, breaking down the BitLocker feature bundled into the operating system.

The security flaw was discovered by Dutch security researchers Carlo Meijer and Bernard van Gastel from Radboud University, who describe a method that relies on firmware reverse-engineering to access data without an encryption key. The research paper shows that in some cases, drives can be accessed without any password, while in others, the only thing a potential hacker would need is to send an empty string as a password in order to decrypt the drive and access the stored data.

According to their findings, the flaw exists in several SSDs, including Crucial MX100, MX200 and MX300, as well as Samsung's T3 and T5, 840 EVO and 850 EVO internal SATA SSDs.

Microsoft’s BitLocker broken down

To make the matter worse, Microsoft’s BitLocker, which is available for all Windows users, appears to be rendered useless by the vulnerability. And it’s all because, by default, BitLocker uses hardware encryption for SSD drives. If it’s not available, then the feature switches to software encryption to protect the data on the drive.

Microsoft has already acknowledged the bug and said that it exists on all Windows versions where BitLocker is offered, including Windows 10.

“Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs).
Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption. On Windows computers with self-encrypting drives, BitLocker Drive Encryption™ manages encryption and will use hardware encryption by default,” the company says.

Users are recommended to switch from hardware encryption to software encryption if they use one of the affected SSDs. The temporary mitigation can be implemented from the Group Policy on the impacted Windows versions.

Source
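
Added example, not part of any post in this thread: the posts say BitLocker hands encryption to the drive by default when the SSD supports it, so the first check on a Windows machine is which volumes are actually in that state. The PowerShell below parses `manage-bde -status` text and flags volumes whose method is hardware encryption; the function name `Get-BitLockerMethodReport` and the sample output are constructed for illustration.

```powershell
# Constructed sample of `manage-bde -status` output (not captured from a real host).
$sample = @'
Volume C: [OS]
[OS Volume]

    Size:                 237.87 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    Hardware Encryption
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Size:                 931.51 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@

function Get-BitLockerMethodReport {
    # Hypothetical helper: returns one object per volume found in the status text.
    param([Parameter(Mandatory)][string]$StatusText)

    $volume = $null
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match '^Volume\s+(\S+:)') {
            # Start of a new volume section, e.g. "Volume C: [OS]".
            $volume = $Matches[1]
        }
        elseif ($volume -and $line -match '^\s*Encryption Method:\s+(.+?)\s*$') {
            $method = $Matches[1]
            [pscustomobject]@{
                Volume           = $volume
                EncryptionMethod = $method
                # True means the SSD firmware, not Windows, is doing the encryption.
                ReliesOnDrive    = $method -like 'Hardware Encryption*'
            }
            $volume = $null
        }
    }
}

Get-BitLockerMethodReport -StatusText $sample | Format-Table -AutoSize
# Live system, elevated prompt:
#   Get-BitLockerMethodReport -StatusText (manage-bde -status | Out-String)
```

Changing the Group Policy setting does not convert a volume that is already hardware-encrypted; it has to be decrypted and encrypted again before the report shows a software method such as XTS-AES.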