Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Windscribe
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitl
#1
[Image: maxresdefault.jpg]


   Solid State Drives, a good alternative to a Hard Disk Drive, if you are willing to shell out the money for it. One thing that may come with either side of the spectrum is wanting to encrypt either a HDD or an SSD. SSDs are better when there is an option of software encryption, but these ones have hardware based encryption. 


 In turn, researchers from Radboud University discovered flaws in the firmware that could aid attackers in bypassing disk encryption and accessing data. The flaws were discovered in top rated vendors such as Samsung and Crucial. 

 The researchers had this to say: 


 “We found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”



 The researchers used three different SSD models for their experiment. Included in the study was Crucial's Micron MX100, MX200, and the MX300 internal hard disks, Samsung with their T3 and T5 external disks; and Samsung 840 EVO, 850 EVO internal hard disks. Focusing on the "machine off, awareness" model, a model where the victim is aware of physical access to a system by an attacker. What they found were various security flaws, mostly focused in the ATA Security and TCG Opal implementations. They also observed related flaws in Windows BitLocker. 

  The flaws that were discovered are as follows: 

  1. CVE-2018-12037
  2. CVE-2018-12038
 

  The paper regarding the research can be found here.


  That is the news folks, have a safe rest of the week, and stay awesome. 


  ----Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
Wink News Mozilla Firefox 75 Is Out With Fixes For RCE vulnerabilities Mr.Kurd 0 433 04-13-2020, 01:13 PM
Last Post: Mr.Kurd
Exclamation News Hackers Exploiting 2 Unpatched Windows 0-Day Vulnerabilities in Wide – Microsoft Warn Mr.Kurd 0 651 03-24-2020, 07:56 AM
Last Post: Mr.Kurd
Rainbow News Researchers Find Security Vulnerabilities In Some of The Top Password Managers Mr.Kurd 0 324 03-23-2020, 08:02 AM
Last Post: Mr.Kurd
Star News Trend Micro Patched Zero-Day Vulnerabilities Under Active Exploit Mr.Kurd 0 307 03-23-2020, 07:54 AM
Last Post: Mr.Kurd
Exclamation News Vulnerabilities In Top Free Android VPN Apps Risk Over 120 Million Users Mr.Kurd 0 359 03-02-2020, 08:36 PM
Last Post: Mr.Kurd
Heart News Critical RCE & Spoofing Vulnerabilities in Microsoft Azure Cloud Let Hackers Compromi Mr.Kurd 0 462 01-31-2020, 07:32 AM
Last Post: Mr.Kurd
  News Google Presents New Plan to Enforce DNS Encryption: Mad-Architect 0 422 10-23-2019, 03:41 PM
Last Post: Mad-Architect
Exclamation News vBulletin releases patch update for new RCE and SQLi vulnerabilities Mr.Kurd 0 485 10-19-2019, 08:35 AM
Last Post: Mr.Kurd
  News Check Point Software Discovered To Have Major Flaw: Mad-Architect 0 435 08-29-2019, 04:20 PM
Last Post: Mad-Architect
  News Huwei Facing Scrutiny Over Multiple Web Vulnerabilities: Mad-Architect 0 434 07-08-2019, 10:07 AM
Last Post: Mad-Architect



Users browsing this thread: 1 Guest(s)