
Communications of the ACM

ACM TechNews

Flaws in Self-Encrypting SSDs Let Attackers Bypass Disk Encryption


A glitched rendering of a Samsung SSD.

Vulnerabilities in some solid-state drives allow an attacker to bypass the disk encryption feature and access local data without knowing the user-chosen disk encryption password.

Credit: Samsung

Researchers at Radboud University in the Netherlands have found vulnerabilities in certain solid-state drives (SSDs) that allow hackers to circumvent disk encryption and access local data without knowing the disk encryption password.

The vulnerabilities only impact SSD models that support hardware-based encryption, or self-encrypting drives (SEDs).

The firmware weaknesses affect ATA security and TCG Opal, two specifications for deployment of hardware-based encryption on SEDs.

Analysis revealed the SEDs permitted users to set an encryption password, but also came with support for a vendor-established "master password," which attackers can use to access the user's encrypted password.

Also, improper implementations of the ATA security and TCG Opal specifications mean the user-chosen password and the actual disk encryption key (DEK) lack a cryptographic connection, an oversight the researchers deemed "catastrophic."
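The missing link between password and DEK can be shown with a small model. This is an added example, not code from the researchers or from any drive firmware: the function names, the stored-state layout, and the PBKDF2-plus-XOR wrap (a standard-library stand-in for a real key-wrap algorithm such as AES Key Wrap) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _stretch(password: bytes, salt: bytes) -> bytes:
    # 64 bytes: first half masks the DEK, second half keys the integrity tag.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)

def provision_unbound(password: bytes) -> dict:
    """Flawed design: the DEK is stored as-is; the password only gates a comparison."""
    return {"dek": os.urandom(32), "pw_hash": hashlib.sha256(password).digest()}

def unlock_unbound(state: dict, password: bytes):
    ok = hmac.compare_digest(state["pw_hash"], hashlib.sha256(password).digest())
    return state["dek"] if ok else None

def provision_bound(password: bytes, dek: bytes) -> dict:
    """Bound design: only a password-wrapped DEK is ever stored."""
    salt = os.urandom(16)
    k = _stretch(password, salt)
    masked = bytes(a ^ b for a, b in zip(dek, k[:32]))
    tag = hmac.new(k[32:], masked, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": masked, "tag": tag}

def unlock_bound(state: dict, password: bytes):
    k = _stretch(password, state["salt"])
    expect = hmac.new(k[32:], state["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, state["tag"]):
        return None  # wrong password: the DEK cannot be reconstructed
    return bytes(a ^ b for a, b in zip(state["wrapped"], k[:32]))

def stored_state_reveals_dek(state: dict, dek: bytes) -> bool:
    """True if the DEK appears verbatim in what the drive persists."""
    return any(v == dek for v in state.values())

if __name__ == "__main__":
    pw, dek = b"constructed-user-password", os.urandom(32)  # constructed sample values
    unbound = provision_unbound(pw)
    bound = provision_bound(pw, dek)
    print("unbound state reveals DEK:", stored_state_reveals_dek(unbound, unbound["dek"]))
    print("bound state reveals DEK:  ", stored_state_reveals_dek(bound, dek))
    print("bound unlock, wrong password:", unlock_bound(bound, b"guess"))
```

In the unbound model the password check is the only barrier, so confidentiality depends entirely on the firmware enforcing it; in the bound model the stored state is useless without the password.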

From ZDNet

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


 
