Security researchers discovered poor implementation of SSD encryption by major manufacturers, and the issue was exacerbated by Microsoft BitLocker trusting that encryption.
Carlo Meijer and Bernard van Gastel, researchers at Radboud University in the Netherlands, reverse engineered the firmware of several solid-state drive models made by Crucial and Samsung and found that the SSD encryption could be bypassed because the key that encrypts the data is not cryptographically tied to the owner's password. This meant data could be accessed with almost any password on some devices and without any password at all on others.
"The analysis uncovers a pattern of critical issues across vendors. For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys," Meijer and van Gastel wrote in their findings. "The situation is worsened by the delegation of encryption to the drive if the drive supports TCG Opal, as done by BitLocker. In such case, BitLocker disables the software encryption, relying fully on the hardware implementation. As this is the default policy, many BitLocker users are unintentionally using hardware encryption, exposing them to the same threats."
Craig Young, computer security researcher for the Vulnerability and Exposures Research Team at Tripwire, said that expecting manufacturer SSD encryption "to provide meaningful security of the data it stores is like letting the lunatics run the asylum," and added that users tend to misunderstand the security benefits of full-disk encryption.
"There is a widespread misconception that encrypting data on a hard drive (or SSD) secures it from hackers. The truth however is that full-disk encryption only thwarts a few limited attack vectors and, in most breaches, it is completely irrelevant. Disk encryption is a mitigation against physical attacks. The main attack scenario is that of a device being lost, stolen, or temporarily falling into hostile hands (e.g. evil maid attack)," Young wrote via email. "Furthermore, this security measure is primarily a benefit when the system is completely powered off to avoid the possibility that an attacker can exploit a physical weakness to gain access to data or decryption keys. Once a running system is infected with malware, there is effectively no protection from the disk encryption."
Matthew Green, cryptography expert and professor at Johns Hopkins University's Information Security Institute, heavily criticized Microsoft on Twitter for trusting SSD encryption.
"Being earnest now: Microsoft trusting these devices to implement Bitlocker has to be the single dumbest thing that company has ever done. It's like jumping out of a plane with an umbrella instead of a parachute."
Matthew Green (@matthew_d_green), November 5, 2018
Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, noted that not all versions of BitLocker rely on SSD encryption.
"On Windows 7, for example, encryption is handled by BitLocker directly. On Windows 10, BitLocker allows offloading encryption to the SSD. So, there is always a way to disable the hardware-based encryption and still have the hard drives encrypted in software," Hahad said. "It is very difficult to synchronize one OS vendor with so many different hardware manufacturers. I think a better option could be to recognize the vulnerable devices and turn on software encryption instead of hardware encryption."
In response, Microsoft released a security advisory detailing how users can check whether BitLocker is relying on the SSD's hardware encryption or whether software encryption is in use.
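One way to perform that check across all BitLocker-protected volumes on a Windows 10 machine, as an added example that is not from the article or from Microsoft's advisory: the built-in `Get-BitLockerVolume` cmdlet reports the encryption method for each volume, and a value of `Hardware` means BitLocker has delegated encryption to the drive itself. The function name and the report fields are this example's own; it assumes the BitLocker PowerShell module is present and the session is elevated.

```powershell
# Requires an elevated session and the BitLocker module (shipped with Windows 10 / Server).
# Added example, not Microsoft's or the article's code: report which BitLocker volumes
# rely on the drive's self-encryption (EncryptionMethod = Hardware) instead of
# BitLocker's own software cipher (e.g. XtsAes128, XtsAes256, Aes128, Aes256).
# The equivalent legacy check is `manage-bde -status`, whose output shows
# "Encryption Method: Hardware Encryption" for delegated volumes.
function Get-BitLockerHardwareEncryptionStatus {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # 'Hardware' is the BitLockerVolumeEncryptionMethod value for drive-delegated encryption.
        $usesHardware = ($vol.EncryptionMethod -eq 'Hardware')

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeStatus      = $vol.VolumeStatus       # e.g. FullyEncrypted, FullyDecrypted
            ProtectionStatus  = $vol.ProtectionStatus   # On / Off
            EncryptionMethod  = $vol.EncryptionMethod
            HardwareEncrypted = $usesHardware
            # Remediation per the article: disable hardware-based encryption and
            # re-encrypt with BitLocker's software cipher.
            Action            = if ($usesHardware) {
                                    'Decrypt, disallow hardware encryption via policy, re-encrypt in software'
                                } else {
                                    'None'
                                }
        }
    }
}

$report = Get-BitLockerHardwareEncryptionStatus
$report | Format-Table -AutoSize

if ($report | Where-Object { $_.HardwareEncrypted }) {
    Write-Warning "One or more volumes delegate encryption to the SSD; follow the vendor and Microsoft guidance to move them to software encryption."
}
```

The script only reports; switching a volume from hardware to software encryption requires decrypting it, changing the BitLocker policy that permits hardware-based encryption, and re-encrypting, which is a deliberate administrative step rather than something to automate blindly on a fleet.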
Young said it was important that BitLocker's software encryption remain opt-in rather than be enabled by default, even though enabling it by default would mitigate this issue.
"Encrypting all Windows systems by default could have serious repercussions for less savvy users who encounter data loss due to disk corruption. Some systems may also have notable performance degradation when using fully encrypted disks," Young said. "A better solution would be for Microsoft to establish a certification process by which drive vendors can submit their products for security certification similar to how devices can be certified for Windows compatibility. Only those which have been specifically reviewed and confirmed to have similar security promises as BitLocker should be trusted in place of BitLocker."