Sergey Nivens - Fotolia
Researchers found multiple vulnerabilities in self-encrypting drives. What is the core issue with these vulnerabilities, and what should enterprises look out for with self-encrypting drives?
Solid-state, self-encrypting drives are subject to multiple security flaws. Among the most critical are vulnerabilities associated with implementing security for Advanced Technology Attachment (ATA) drives, a type of disk drive that does not require a separate drive controller because it integrates its own controller internally, and for the standard defined by the Trusted Computing Group (TCG) Opal Security Subsystem Class (SSC) specification, which could enable an unauthenticated attacker to decrypt the contents of an encrypted solid-state drive.
With the ATA security vulnerability, a legitimate user provides a password that is not cryptographically linked to the hardware-based key used to encrypt the data. This means an attacker could access the key without entering a password and then use it to decrypt disk data that has been encrypted.
Researchers at Radboud University, in Nijmegen, Netherlands, found the vulnerabilities in several models of self-encrypting drives, including:
- Micron's Crucial MX100, MX200 and MX300 drives;
- Samsung T3 and T5 portable drives; and
- Samsung 840 EVO and 850 EVO drives that are in ATA high mode. The drives in TCG or ARA max mode are not affected.
With the vulnerability in the TCG Opal SSC, the researchers turned their attention to the wear-level storage chip that stores encryption key information. Wear-leveling doesn't fully remove the old copy of updated data.
When data is moved to a new segment of a chip, previous versions of the data may remain in the old segment. If an attacker enters a new password, the key is then updated. The previous version of the key that is unprotected or guarded with an old password could be accessible. All modes of the Samsung 840 EVO drives can be affected by this tactic.
To guard against these vulnerabilities in self-encrypting drives, enterprises should determine if patches are available and, if so, apply them. If patches are not available, IT should consider software-based decryption.
Additionally, admins should check the Group Policy for Windows' BitLocker to ensure the default encryption is set to software-based. Remember to disable and re-enable BitLocker after the policy is changed to allow the new encryption protection to take effect.
BitLocker is not available in Windows Home edition. Enterprises using non-Windows systems should check for the default drive encryption options available to them.
Dig Deeper on Disk and file encryption tools
Related Q&A from Judith Myerson
The Constrained Application Protocol underpins IoT networks. But the protocol could allow a threat actor to launch an attack. Continue Reading
The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords ... Continue Reading
An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what ... Continue Reading