Researchers warn of severe SSD security vulnerabilities

Researchers from the Netherlands' Radboud University have published a paper detailing how hardware encryption systems built into popular solid-state drives (SSDs) can be bypassed to recover supposedly-protected data - and how that renders Microsoft's BitLocker encryption moot on affected systems.

It's common to see solid-state storage devices boasting hardware encryption, typically based around the Advanced Encryption Standard (AES). Using such devices, the manufacturers promise, data is transparently and invisibly encrypted as it is written, without the loss of performance traditionally associated with software-based encryption. If the drive is taken out of the host system, the data is entirely inaccessible - or, at least, it's supposed to be inaccessible.

A research paper from Carlo Meijer and Bernard van Gastel, published in draft today, suggests otherwise: The pair detail numerous methods for obtaining access to supposedly-protected data on a range of popular SSD devices, with most failing to protect their contents and providing complete and unrestricted access. 'In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations,' the researchers explain in the paper's abstract. 'In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.'

The team's research looked at seven SSD device families in total: the Crucial MX100, MX200, and MX300 in all available form factors; the Samsung 840 EVO and 850 EVO in SATA variants; and the Samsung T3 and T5 USB SSDs. Compromises allowing for full access to the encrypted data without the need to know the secret key supposedly protecting the contents were found on all Crucial and both Samsung USB drive models; only the Samsung 840 EVO and 850 EVO escaped complete compromise, with the researchers noting that bypass of the cryptographic protections was only available in selected scenarios.

'For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys. A pattern of critical issues across vendors indicates that the issues are not incidental but structural,' the researchers argue while naming the TCG Opal standard as being extremely hard to implement correctly, 'and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved.'

For those looking to secure their data, the researchers warn that software-based encryption systems may not offer complete protection: While arguing that the inclusion of AES-accelerating instructions in modern processors means that speed is no longer an issue in switching between software and hardware encryption, the pair found that some supposedly software-based systems default to using hardware encryption when available anyway - including Microsoft's BitLocker encryption facility, built into its Windows operating system - leaving them exposed to the same attacks.

The paper, 'Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs),' is available in draft form now (PDF warning).

UPDATE 1750:

Samsung has confirmed the researchers' findings, issuing a consumer notice which recommends the use of software-based encryption to protect internal SSDs and the installation of a freshly-released upgrade to the firmware on its T1, T3, and T5 USB-connected SSDs. For T3 and T5 owners, the process is simple; T1 owners, meanwhile, are advised to contact Samsung support.

UPDATE 20181109:

Micron has provided a statement confirming the vulnerabilities, and like Samsung is recommending both the installation of updated firmware and a switch to software-based encryption. 'Micron is aware of the Radboud University researchers’ report describing a potential security vulnerability in Crucial MX100, MX200 and MX300 products as well as another manufacturer’s products,' the statement reads.

'This vulnerability can only be exploited by an individual with physical access to the drive, deep technical SSD knowledge and advanced engineering equipment. Micron recommends software based encryption to provide additional protection against these vulnerabilities, and has also developed firmware updates to address vulnerabilities in the MX100, MX200 and MX300 products.The MX100 and MX200 firmware updates are available today on crucial.com and MX300 firmware will be added on November 13, 2018. Micron is committed to conducting business with integrity and accountability, which includes delivering best-in-class product quality, security, and customer support.'

Microsoft, meanwhile, has issued an advisory notice which contains instructions for checking whether BitLocker is using hardware or software encryption and, in the case of the former, advice to enforce software encryption using a Group Policy, disable BitLocker to decrypt the drive and disable hardware encryption, then re-enable it to re-encrypt the drive using software encryption.