Major SSD security flaw lets attackers bypass encryption

Newsfeed

#1

Radboud University has discovered a significant security flaw in self-encrypting solid state drives.

According to the research, an attacker with access to the self-encrypting drive’s manual can use a built-in default master password to gain access to a user’s encrypted password, bypassing the drive’s encryption regardless of the strength of the victim’s password.
 

Shaun108

#3
Laughable. This is like having a steel strongroom but leaving the key under the mat.
 

Zarathustra

#4
Just update the firmware:

https://www.micron.com/products/solid-state-storage/storage-executive-software

Graphical User Interface:

Storage Executive Software for Linux 32-bit Systems (RUN) - https://www.micron.com/~/media/docu...ive-software/storageexecutive_linux_32bit.run

Storage Executive Software for Windows 32-bit Systems (EXE) - https://www.micron.com/~/media/docu...e-software/storageexecutive_windows_32bit.exe

Storage Executive Software for Windows 64-bit Systems (EXE) - https://www.micron.com/~/media/docu...e-software/storageexecutive_windows_64bit.exe

Storage Executive Software for Linux 64-bit Systems (RUN) - https://www.micron.com/~/media/docu...ive-software/storageexecutive_linux_64bit.run

Command Line:

msecli Software for Windows 32-bit Systems (EXE) - https://www.micron.com/my-account/l...olid-state-storage/storage-executive-software

msecli Software for Linux 32-bit Systems (RUN) - https://www.micron.com/my-account/l...olid-state-storage/storage-executive-software

msecli Software for Windows 64-bit Systems (EXE) - https://www.micron.com/my-account/l...olid-state-storage/storage-executive-software

msecli Software for Linux 64-bit Systems (RUN) - https://www.micron.com/my-account/l...olid-state-storage/storage-executive-software
 

system32

#5
Disk encryption only helps if your device is stolen.

Even though Gigabyte's device was encrypted, it did not stop his home affairs video leaking.
 

Daruk

#7
Researchers recommended that users enable full software-level encryption through solutions such as Microsoft’s BitLocker tool to mitigate the vulnerability.
That's not what I read here: https://www.itpro.co.uk/encryption/32302/critical-vulnerabilities-ssd-encryption
Meanwhile, delegation of encryption by software to the physical drive itself, if the drive supports TCG Opal, paints a grim picture if the software encryption is bypassed by default, the paper continued.

This is the case with encryption software as BitLocker, which is built into Microsoft Windows. BitLocker opts to default to hardware-based encryption capabilities if this is detected, meaning many users who consciously opted for software encryption are unaware they are using hardware-based encryption - exposing them to the same threats.
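
Added example, not part of the thread or of any vendor tool: a small Python check that reads the text printed by `manage-bde -status` on Windows and reports which BitLocker volumes have delegated encryption to the drive, which is the situation the quoted article describes. The sample output is constructed, and the parser assumes the usual "Volume X:" / "Encryption Method:" field layout, where delegated volumes show "Hardware Encryption".

```python
import re

# Constructed sample of `manage-bde -status` output (not captured from a real machine).
SAMPLE_STATUS = """\
Volume C: [OS]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume E: [Scratch]
[Data Volume]
    Conversion Status:    Fully Decrypted
    Encryption Method:    None
    Protection Status:    Protection Off
"""

VOLUME_RE = re.compile(r"^Volume\s+(\S+:)", re.MULTILINE)
METHOD_RE = re.compile(r"^\s*Encryption Method:\s*(.+?)\s*$", re.MULTILINE)

def classify_volumes(status_text):
    """Map each volume to 'hardware', 'software', 'none' or 'unknown'."""
    result = {}
    parts = VOLUME_RE.split(status_text)  # [preamble, 'C:', body, 'D:', body, ...]
    for letter, body in zip(parts[1::2], parts[2::2]):
        m = METHOD_RE.search(body)
        method = m.group(1).lower() if m else ""
        if method.startswith("hardware encryption"):
            result[letter] = "hardware"  # encryption is done by the SSD firmware
        elif method == "none":
            result[letter] = "none"      # BitLocker is not encrypting this volume
        elif method:
            result[letter] = "software"  # e.g. XTS-AES or AES-CBC done by Windows
        else:
            result[letter] = "unknown"   # field missing: treat as needing review
    return result

def hardware_encrypted(status_text):
    """Return the volumes that rely on the drive's own encryption."""
    return sorted(v for v, k in classify_volumes(status_text).items() if k == "hardware")

if __name__ == "__main__":
    for vol, kind in classify_volumes(SAMPLE_STATUS).items():
        print(f"{vol} {kind}")
```
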
 
