Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Microsoft Releases Guidance for Users Concerned About Flawed SSD Encryption

After security researchers discovered vulnerabilities in the encryption mechanism of several types of solid-state drives (SSDs), Microsoft decided to explain how one can enforce software encryption instead.

After security researchers discovered vulnerabilities in the encryption mechanism of several types of solid-state drives (SSDs), Microsoft decided to explain how one can enforce software encryption instead.

In a paper published earlier this week, researchers from the Radboud University in the Netherlands revealed a series of bugs in self-encrypting SSDs from Samsung and Crucial that essentially nullify the full-disk encryption feature.

Furthermore, they also showed that the issues can even break software-based encryption. Specifically, they explained, Microsoft’s BitLocker would rely on hardware encryption when it detects the functionality, thus leaving data unprotected on Windows systems where the flawed SSDs are used.

On Tuesday, Microsoft published an advisory to provide information on how users can enforce software encryption on their Windows systems, given that, when a self-encrypting drive is present, BitLocker would use hardware encryption by default.

“Administrators who want to force software encryption on computers with self-encrypting drives can accomplish this by deploying a Group Policy to override the default behavior. Windows will consult Group Policy to enforce software encryption only at the time of enabling BitLocker,” Microsoft says.

Admins can check the type of drive encryption being used (hardware or software) by running ‘manage-bde.exe -status’ from an elevated command prompt. If there are drives encrypted using a vulnerable form of hardware encryption, they can be switched to software encryption via a Group Policy.

To make the switch from hardware encryption to software encryption, the drive would first need to be unencrypted and then re-encrypted using software encryption, the tech giant notes. The drive, however, does not require reformatting.

“If you are using BitLocker Drive Encryption, changing the Group Policy value to enforce software encryption alone is not sufficient to re-encrypt existing data,” Microsoft says.

After configuring and deploying a Group Policy to enable forced software encryption, admins should completely turn off BitLocker to decrypt the drive, and then simply re-enable it.

Related: Researchers Break Full-Disk Encryption of Popular SSDs

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.