Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Researchers Break Full-Disk Encryption of Popular SSDs

The encryption mechanism used by several types of solid state drives contains vulnerabilities that an attacker could exploit to access encrypted data without knowing a password.

The encryption mechanism used by several types of solid state drives contains vulnerabilities that an attacker could exploit to access encrypted data without knowing a password.

The issues were discovered by Carlo Meijer and Bernard van Gastel from the Radboud University in the Netherlands and impact popular drives from Samsung and Crucial. The bugs impact both internal and external drives, the researchers explain in a paper (PDF).

Hardware encryption is meant to address weaknesses in software encryption and is performed on the drive itself, usually through a dedicated AES co-processor, with the drive’s firmware in charge of key management. 

Full-disk encryption software could even switch off when hardware encryption is available, and rely solely on the latter. This is what Microsoft Windows’ BitLocker does, meaning that the data is not encrypted at all if hardware encryption fails. 

When it comes to the implementation of a full-disk encryption scheme, there are pitfalls that should be avoided, such as not linking the user password and the disk encryption key (DEK), using a single DEK for the entire disk, or not using enough entropy in randomly generated DEKs. 

Wear levelling could also prove an issue, if the DEK is initially stored unprotected and not overwritten after encryption. Similarly, DEVSLP (device sleep) could prove problematic, if the drive writes its internal state to non-volatile memory and the memory is not erased upon wake-up, as it would allow an attacker to extract the DEK from the last stored state.

The researchers investigated the security of various popular SSD models and discovered that their encryption schemes are impacted by one or more of these issues. 

Crucial MX100 and MX200, for example, lack cryptographic binding between password and DEK, meaning that decryption is possible without actually providing the user-password. This is true for both ATA security and Opal standard implementations that are supported by the models. 

Advertisement. Scroll to continue reading.

“The scheme is essentially equivalent to no encryption, as the encryption key does not depend on secrets,” the researchers note. 

The drives also support a series of vendor-specific commands that engineers use to interact with the device, but which need to be unlocked first. However, the researchers discovered it was trivial to unlock these commands, which allows for code execution on the device. 

On the Samsung 840 EVO, a SATA SSD released in 2013, the ATA password may be cryptographically bound to the DEK, and no weakness was identified in the TCG Opal implementation, the researchers say. However, it would be possible to recover the DEK due to the wear levelling mechanism. 

However, the ATA security mechanism can be tricked into revealing the drive content, and the issue was also found to impact the Samsung 850 EVO (released in 2014). The newer model isn’t vulnerable to the wear levelling attack either, and no weaknesses were found in the TCG Opal implementation either. 

On the Samsung T3 USB external disk, however, there was no cryptographic binding between password and DEK, an issue present on the Samsung T5 portable as well. 

“The results presented in this paper show that one should not rely solely on hardware encryption as offered by SSDs for confidentiality. We recommend users that depend on hardware encryption implemented in SSDs to employ also a software full-disk encryption solution, preferably an open-source and audited one,” the researchers note. 

“A pattern of critical issues across vendors indicates that the issues are not incidental but structural, and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved,” they also point out. 

The vulnerabilities were reported to the affected vendors half a year ago but made public only now. Samsung has publicly acknowledged the flaws and also issued firmware updates to address them on the portable SSDs. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...