acm-header
Sign In

Communications of the ACM

Home/News/Flaws in Self-Encrypting SSDs Let Attackers Bypass.../Full Text
ACM TechNews

Flaws in Self-Encrypting SSDs Let Attackers Bypass Disk Encryption

By ZDNet
November 12, 2018
Comments
View as: Print Mobile App Share:
A glitched rendering of a Samsung SSD.

Vulnerabilities in some solid-state drives allow an attacker to bypass the disk encryption feature and access local data without knowing the user-chosen disk encryption password.

Credit: Samsung

Researchers at Radboud University in the Netherlands have found vulnerabilities in certain solid-state drives (SSDs) that allow hackers to circumvent disk encryption and access local data without knowing the disk encryption password.

The vulnerabilities only impact SSD models that support hardware-based encryption, or self-encrypting drives (SEDs).

The firmware weaknesses affect ATA security and TCG Opal, two specifications for deployment of hardware-based encryption on SEDs.

Analysis revealed the SEDs permitted users to set an encryption password, but also came with support for a vendor-established "master password," which attackers can use to access the user's encrypted password.

Also, improper implementations of the ATA security and TCG Opal specifications mean the user-chosen password and the actual disk encryption key (DEK) lack a cryptographical connection, an oversight the researchers deemed "catastrophic."

From ZDNet
View Full Article

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account