Tuesday, November 6, 2018

Common sense says "Encryption" means that you will need a "KEY" to decrypt it - when the researchers tested self-encrypting SSDs from Samsung and Crucial — they found fundamental vulnerabilities in many models that make it possible for someone to bypass the encryption entirely



The flaws allow anyone with the requisite know-how and physical access to the drives to recover encrypted data without the need for any passwords or decryption keys.

One fundamental flaw  was a failure to properly bind the disk encryption key (DEK) to a password.

The full disk hardware encryption available on some widely used storage devices is so poorly implemented there may as well not be any encryption on them at all,


Another fundamental flaw the researchers discovered allows for a disk encryption key to be recovered from an SSD even after a user sets a new master password for it. In this case, the vulnerability is tied to a property of flash memory in SSDs called "wear leveling,"


https://www.darkreading.com/vulnerabilities---threats/critical-encryption-bypass-flaws-in-popular-ssds-compromise-data-security/d/d-id/1333207

No comments:

Post a Comment