{"id":283509,"date":"2018-11-06T08:27:12","date_gmt":"2018-11-06T06:27:12","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=283509"},"modified":"2018-11-06T08:30:10","modified_gmt":"2018-11-06T06:30:10","slug":"major-ssd-security-flaw-lets-attackers-bypass-encryption","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/283509-major-ssd-security-flaw-lets-attackers-bypass-encryption.html","title":{"rendered":"Major SSD security flaw lets attackers bypass encryption"},"content":{"rendered":"

Radboud University has\u00a0discovered<\/a><\/strong> a significant security flaw in self-encrypting solid state drives.<\/p>\n

According to the research, an attacker with access to the self-encrypting drive’s manual can use a built-in default master password to gain access to a user’s encrypted password, bypassing the drive’s encryption regardless of the strength of the victim’s password.<\/p>\n

Additionally, attackers can bypass improper implementations of TCG Opal and ATA security implementations by acquiring the disk encryption key stored on the drive’s chip and using it to decrypt the data without requiring the user’s password.<\/p>\n

“We found that critical security vulnerabilities in the drives studied exist,” the researchers stated.<\/p>\n

“It is in many cases possible to recover the contents of the drive without knowledge of any password or secret key, thereby bypassing the encryption entirely.”<\/p>\n

This security flaw is only present in devices with hardware-based encryption.<\/p>\n

Several SSDs manufactured by Samsung and Crucial are reportedly affected by this issue.<\/p>\n

Below is the list of products confirmed to be affected:<\/p>\n