Home → News → Flaws in Self-Encrypting SSDs Let Attackers Bypass... → Full Text

Flaws in Self-Encrypting SSDs Let Attackers Bypass Disk Encryption

By ZDNet

November 12, 2018

[article image]

Researchers at Radboud University in the Netherlands have found vulnerabilities in certain solid-state drives (SSDs) that allow hackers to circumvent disk encryption and access local data without knowing the disk encryption password.

The vulnerabilities only impact SSD models that support hardware-based encryption, or self-encrypting drives (SEDs).

The firmware weaknesses affect ATA security and TCG Opal, two specifications for deployment of hardware-based encryption on SEDs.

Analysis revealed the SEDs permitted users to set an encryption password, but also came with support for a vendor-established "master password," which attackers can use to access the user's encrypted password.

Also, improper implementations of the ATA security and TCG Opal specifications mean the user-chosen password and the actual disk encryption key (DEK) lack a cryptographical connection, an oversight the researchers deemed "catastrophic."

From ZDNet
View Full Article


Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


No entries found