Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Microsoft Releases Guidance for Users Concerned About Flawed SSD Encryption

After security researchers discovered vulnerabilities in the encryption mechanism of several types of solid-state drives (SSDs), Microsoft decided to explain how one can enforce software encryption instead.

After security researchers discovered vulnerabilities in the encryption mechanism of several types of solid-state drives (SSDs), Microsoft decided to explain how one can enforce software encryption instead.

In a paper published earlier this week, researchers from the Radboud University in the Netherlands revealed a series of bugs in self-encrypting SSDs from Samsung and Crucial that essentially nullify the full-disk encryption feature.

Furthermore, they also showed that the issues can even break software-based encryption. Specifically, they explained, Microsoft’s BitLocker would rely on hardware encryption when it detects the functionality, thus leaving data unprotected on Windows systems where the flawed SSDs are used.

On Tuesday, Microsoft published an advisory to provide information on how users can enforce software encryption on their Windows systems, given that, when a self-encrypting drive is present, BitLocker would use hardware encryption by default.

“Administrators who want to force software encryption on computers with self-encrypting drives can accomplish this by deploying a Group Policy to override the default behavior. Windows will consult Group Policy to enforce software encryption only at the time of enabling BitLocker,” Microsoft says.

Admins can check the type of drive encryption being used (hardware or software) by running ‘manage-bde.exe -status’ from an elevated command prompt. If there are drives encrypted using a vulnerable form of hardware encryption, they can be switched to software encryption via a Group Policy.

To make the switch from hardware encryption to software encryption, the drive would first need to be unencrypted and then re-encrypted using software encryption, the tech giant notes. The drive, however, does not require reformatting.

“If you are using BitLocker Drive Encryption, changing the Group Policy value to enforce software encryption alone is not sufficient to re-encrypt existing data,” Microsoft says.

Advertisement. Scroll to continue reading.

After configuring and deploying a Group Policy to enable forced software encryption, admins should completely turn off BitLocker to decrypt the drive, and then simply re-enable it.

Related: Researchers Break Full-Disk Encryption of Popular SSDs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.