IT | Nov 8, 2018 | Master3395
This is the list of devices that are not secure.
Security researchers have revealed critical errors in the security of a number of popular SSD disks.
Physical access to the disk is required
The researchers have found that they can relatively easily modify the firmware, or use a debugger, to change the password in the SSD and thus decrypt content that should initially be encrypted and hidden behind a password.
The problem here is that the error affects highly popular devices like:
Not difficult with some knowledge
Another problem here is that customers believe that hardware encryption is safer than software, but it's not true in this case simply because the holes are so big and gross:
"We got all the data without knowing any secret," explains researchers Carlo Meijer and Bernard van Gastel of Radboud University in the Netherlands.
In Windows, the problem is even worse when Windows BitLocker software encryption automatically selects hard disk encryption if supported, and can, therefore, be tricked with the same newly discovered tricks.
Disable SSD encryption in Windows
You can disable SSD's hardware encryption from Windows Group Policy:
"Computer Configuration \ Administrative Templates \ Windows Components \ BitLocker Drive Encryption \ Operating System Drives" -find "Configure use of hardware-based encryption for operating system drives".
This makes the companies
Crucial has actually updated the firmware on its disks, while Samsung has more work to do since they have only patched the T3 and T5.
Samsung, therefore, recommends owners of Evo disks to use software encryption instead.
Keywords: Hardware, Security, Ssd
Sources: Bleeping Computer