Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitl
[Image: maxresdefault.jpg]

   Solid State Drives, a good alternative to a Hard Disk Drive, if you are willing to shell out the money for it. One thing that may come with either side of the spectrum is wanting to encrypt either a HDD or an SSD. SSDs are better when there is an option of software encryption, but these ones have hardware based encryption. 

 In turn, researchers from Radboud University discovered flaws in the firmware that could aid attackers in bypassing disk encryption and accessing data. The flaws were discovered in top rated vendors such as Samsung and Crucial. 

 The researchers had this to say: 

 “We found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”

 The researchers used three different SSD models for their experiment. Included in the study was Crucial's Micron MX100, MX200, and the MX300 internal hard disks, Samsung with their T3 and T5 external disks; and Samsung 840 EVO, 850 EVO internal hard disks. Focusing on the "machine off, awareness" model, a model where the victim is aware of physical access to a system by an attacker. What they found were various security flaws, mostly focused in the ATA Security and TCG Opal implementations. They also observed related flaws in Windows BitLocker. 

  The flaws that were discovered are as follows: 

  1. CVE-2018-12037
  2. CVE-2018-12038

  The paper regarding the research can be found here.

  That is the news folks, have a safe rest of the week, and stay awesome. 

01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011

Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Claroty Details Vulnerabilities in Schneider PLCs News 0 405 11-11-2020, 09:07 AM
Last Post: News
Star News US Warns: Hackers Chaining Zerologon, Other Vulnerabilities News 0 422 10-11-2020, 01:15 PM
Last Post: News
Star News APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elect News 0 410 10-10-2020, 07:06 AM
Last Post: News
Wink News Mozilla Firefox 75 Is Out With Fixes For RCE vulnerabilities Mr.Kurd 0 832 04-13-2020, 01:13 PM
Last Post: Mr.Kurd
Exclamation News Hackers Exploiting 2 Unpatched Windows 0-Day Vulnerabilities in Wide – Microsoft Warn Mr.Kurd 0 993 03-24-2020, 07:56 AM
Last Post: Mr.Kurd
Rainbow News Researchers Find Security Vulnerabilities In Some of The Top Password Managers Mr.Kurd 0 656 03-23-2020, 08:02 AM
Last Post: Mr.Kurd
Star News Trend Micro Patched Zero-Day Vulnerabilities Under Active Exploit Mr.Kurd 0 638 03-23-2020, 07:54 AM
Last Post: Mr.Kurd
Exclamation News Vulnerabilities In Top Free Android VPN Apps Risk Over 120 Million Users Mr.Kurd 0 702 03-02-2020, 08:36 PM
Last Post: Mr.Kurd
Heart News Critical RCE & Spoofing Vulnerabilities in Microsoft Azure Cloud Let Hackers Compromi Mr.Kurd 0 781 01-31-2020, 07:32 AM
Last Post: Mr.Kurd
  News Google Presents New Plan to Enforce DNS Encryption: Mad-Architect 0 744 10-23-2019, 03:41 PM
Last Post: Mad-Architect

Users browsing this thread: 1 Guest(s)