+- Red Security (https://redsecurity.info/cc)
+-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1)
+--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4)
+--- Thread: News Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitl (/showthread.php?tid=836)
Vulnerabilities In Major Self-Encrypting SSDs Allow Encryption Bypass and Affect Bitl - Mad-Architect - 11-08-2018
![[Image: maxresdefault.jpg]](https://i.ytimg.com/vi/WmvpSTVu9N4/maxresdefault.jpg)
Solid State Drives, a good alternative to a Hard Disk Drive, if you are willing to shell out the money for it. One thing that may come with either side of the spectrum is wanting to encrypt either a HDD or an SSD. SSDs are better when there is an option of software encryption, but these ones have hardware based encryption.
In turn, researchers from Radboud University discovered flaws in the firmware that could aid attackers in bypassing disk encryption and accessing data. The flaws were discovered in top rated vendors such as Samsung and Crucial.
The researchers had this to say:
“We found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”
The researchers used three different SSD models for their experiment. Included in the study was Crucial's Micron MX100, MX200, and the MX300 internal hard disks, Samsung with their T3 and T5 external disks; and Samsung 840 EVO, 850 EVO internal hard disks. Focusing on the "machine off, awareness" model, a model where the victim is aware of physical access to a system by an attacker. What they found were various security flaws, mostly focused in the ATA Security and TCG Opal implementations. They also observed related flaws in Windows BitLocker.
The flaws that were discovered are as follows:
1. CVE-2018-12037
2. CVE-2018-12038
The paper regarding the research can be found here.
That is the news folks, have a safe rest of the week, and stay awesome.
----Sh7nk-Z0id