SSD encryption security failures revealed by researchers

News by Mark Mayne

Researchers issue warning that hardware encryption on a range of SSDs from Crucial and Samsung is not secure

Relying on hardware encryption for data on SSDs may prove to be a costly mistake, as researchers at Radboud University in the Netherlands issued a warning that in many cases the hardware encryption is simply not secure.

"For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys", said the researchers.

They said: "The situation is worsened by the delegation of encryption to the drive by BitLocker. Due to the default policy, many BitLocker users are unintentionally using hardware encryption, exposing them to the same threats."

The team investigated SSDs from a range of familiar brands, including Crucial and Samsung. Some, they found, could be unlocked with any password if the password validation routine in RAM was modified through a standard JTAG debugging interface. In one case the master password to decrypt the drive was set as an empty string.

Crucial’s MX100, MX200 and MX300 drives, Samsung’s T3 and T5 USB external disks and Samsung 840 EVO and 850 EVO internal hard disks are specifically mentioned in the research, but other SSDs may also be at risk.

Alan Woodward, visiting professor in the computer science department at the University of Surrey, told SC Media UK that the situation appeared to be a classic case of locking the front door with a very secure lock but leaving the window wide open.

"The whole point about these devices is that if stolen they are secure at rest. Self-encrypting devices must have certain features to really be able to claim that," he said.

"In this work we saw devices where the master password had been set to ‘[blank]’ and where you could induce buffer overruns to recover the essential data. It appears that they were able to change the password algorithm and substitute their own and access features via JTAG which just shouldn’t be reachable.

"These researchers have explored only a few devices due to time and budget constraints – it does make you wonder what else might be out there in similar self-encrypting devices."

Bill Evans, senior director at One Identity, said that vendors need to step up their game: "To be sure, most vendors are starting to offer ‘security by design’, but all that it takes is one developer or tester looking to shave off a few minutes of the development or testing process by inserting a default password and it becomes part of the source code."

He added: "Vendors and development organisations need to understand that this kind of activity takes place all the time. In response, they need to ensure that actions are constantly reviewed and eliminated as part of the release process."

Gary McGraw, vice president of security technology at Synopsys, commented in a statement: "Software design is difficult, especially when it comes to security. Hardware security design suffers from many of the very same issues. This design flaw with SSDs percolates up into common disk encryption schemes, showing that in some cases, the flip of a bit means everything. Our only hope is better security engineering and architecture analysis during system design and implementation."

The full research paper is entitled "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)".
