Major SSD security flaw lets attackers bypass encryption

Newsfeed

MyBroadband Newsfeed
Joined
Jun 28, 2017
Messages
6,424
Major SSD security flaw lets attackers bypass encryption

Radboud University has discovered a significant security flaw in self-encrypting solid state drives.

According to the research, an attacker with access to the self-encrypting drive’s manual can use a built-in default master password to gain access to a user’s encrypted password, bypassing the drive’s encryption regardless of the strength of the victim’s password.
 

Shaun108

Executive Member
Joined
May 11, 2009
Messages
8,195
Laughable. This is like having a steel strongroom but leaving the key under the mat.
 

Zarathustra

Expert Member
Joined
Aug 7, 2003
Messages
1,000

system32

Expert Member
Joined
Dec 29, 2009
Messages
2,750
Disk encryption only helps if your device is stolen.

Even though Gigabyte's device was encrypted, did not stop his home affairs video leaking.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
39,029
Researchers recommended that users enable full software-level encryption through solutions such as Microsoft’s BitLocker tool to mitigate the vulnerability.
That's not what I read here: https://www.itpro.co.uk/encryption/32302/critical-vulnerabilities-ssd-encryption
Meanwhile, delegation of encryption by software to the physical drive itself, if the drive supports TCG Opal, paints a grim picture if the software encryption is bypassed by default, the paper continued.

This is the case with encryption software as BitLocker, which is built into Microsoft Windows. BitLocker opts to default to hardware-based encryption capabilities if this is detected, meaning many users who consciously opted for software encryption are unaware they are using hardware-based encryption - exposing them to the same threats.
 

kianm

Honorary Master
Joined
Jan 13, 2014
Messages
10,418
Disk encryption only helps if your device is stolen.

Even though Gigabyte's device was encrypted, did not stop his home affairs video leaking.
Did they explain exactly how his video was stolen ?
 

system32

Expert Member
Joined
Dec 29, 2009
Messages
2,750

kianm

Honorary Master
Joined
Jan 13, 2014
Messages
10,418
Top