The flaws allow anyone with the requisite know-how and physical access to the drives to recover encrypted data without the need for any passwords or decryption keys.
One fundamental flaw was a failure to properly bind the disk encryption key (DEK) to a password.
The full disk hardware encryption available on some widely used storage devices is so poorly implemented there may as well not be any encryption on them at all,
Another fundamental flaw the researchers discovered allows for a disk encryption key to be recovered from an SSD even after a user sets a new master password for it. In this case, the vulnerability is tied to a property of flash memory in SSDs called "wear leveling,"
https://www.darkreading.com/vulnerabilities---threats/critical-encryption-bypass-flaws-in-popular-ssds-compromise-data-security/d/d-id/1333207
No comments:
Post a Comment