Vulnerabilities in Self-Encrypting SSDs Enable Attackers to Bypass Disk Encryption



[ad_1]

samsung-ssd-t3-glitched.jpg

A glitch rendering of a Samsung SSD T3 model

Original photo of Samsung

Researchers at Radboud University in the Netherlands today revealed vulnerabilities in some Solid State Drive (SSD) disks that allow an attacker to bypass the disk encryption feature and access it. local data without knowing the encryption password chosen.

The vulnerabilities only affect SSD models that support hardware encryption, where disk encryption operations are performed through a local embedded chip, separate from the main CPU.

These devices are also known as self-encrypting disks (SEDs) and have become popular in recent years after full disk encryption at the software level has been proven vulnerable to attack by hackers who stole the password. encryption in the RAM of the computer.

But in a new academic article published today, two Radboud researchers, Carlo Meijer and Bernard van Gastel, claim to have identified vulnerabilities in the SED firmware.

These vulnerabilities affect "ATA security" and "TCG Opal", two specifications for implementing hardware encryption on SEDs.

Both say that the SEDs they analyzed allow users to set a password that decrypts their data, but they also support a "master password" defined by the SED provider.

Any attacker who has read the SED manual can use this master password to access the user's encrypted password, effectively bypassing the user's custom password.

The only way to protect users is to change the master password or configure the SED master password capacity setting to "Maximum", which effectively disables it.

But the main password problem was just one of the many flaws discovered by the researchers. The two researchers also found that due to inappropriate implementations of ATA security and TCG Opal specifications, the password chosen by the user and the disk encryption key (DEK) were not linked cryptographically.

In other words, an attacker can recover the DEK value – which is stored in the SED chip – and use it to decrypt the local data without having to know the password of the user .

"Absence of this [cryptographically linking] The property is catastrophic, "the researchers said. Indeed, the protection of the data of the user no longer depends on secrets. All information needed to retrieve user data is stored on the drive and can be retrieved. "

The other questions are detailed in the researchers' document entitled "Automatic Encryption Disappointment: Weaknesses in SSD Encryption, "which can be downloaded as PDF from here.

Due to limited access to SSDs, Meijer and van Gastel stated that they had tested their discoveries only on a small number of devices, listed in the table below, but that They had all been vulnerable.

ssd-study-results.png "height =" auto "width =" 370 "data-original =" https://zdnet4.cbsistatic.com/hub/i/r/2018/11/05/ad7d30c0-dd84-4d75 -b443-43f68c1f5c14 / resize / 370xauto / 066c43335c481748281607bbf1156c8e / ssd-study-results.png

Image: Meijeir et al.

They have tested internal and external (portable USB-based) SSDs with hardware-based encryption support, and are convinced that other brands and models from many other vendors may also be vulnerable.

The researchers made their discoveries in April of this year and since then they have been working with the National Cybersecurity Center (NCSC) in the Netherlands to inform all relevant suppliers.

The two SSD vendors they tested – Crucial (Micron) and Samsung – have released firmware updates to address reported defects.

But the reported problems go well beyond the initial knowledge of researchers, especially Windows users, who are at greater risk than others.

This is due to the default behavior of Windows BitLocker, a software-level full-disk encryption system included in the Windows operating system.

According to the researchers, whenever BitLocker detects a device that supports hardware encryption, the application defers the process of encrypting the data on the hardware device and does not encrypt user data at the software level.

Given the researchers' findings, this means that many BitLocker users may actually expose their encrypted data if they use one of the vulnerable Crucial and Samsung SSDs, or a large number of vulnerable SSDs yet to discover. that rely on ATA security and TCG Opal implementations.

The good news for Windows users is that BitLocker encryption can be forced to operate at the software level through a Group Policy setting. However, the bad news is that they will have to format their SSD and reinstall everything, because the old data will remain encrypted in the same place. hardware level even if they change the BitLocker settings.

Radboud's two researchers recommend users use a full disk encryption system, such as VeraCrypt, to protect their data, instead of relying on newer hardware, until other groups of research are exploring SSDs based on SED. based solutions.

In addition, since the root of the problem lies in the way vendors implemented hardware-level encryption specifications, the two researchers also advised the TCG workgroup to "publish an Opal reference implementation to help developers, "and make this example of implementation. so that security researchers can search for vulnerabilities.

This will ensure that future SEDs implement the Opal specification correctly, in which user data can not be retrieved after superficial reverse engineering sessions.

"The complexity of TCG Opal contributes to the difficulty of implementing cryptography in SEDs," researchers said. "From a security point of view, standards should focus on simplicity over a large number of features."

Related coverage:

[ad_2]
Source link