Technology, Top News

Researchers discover that SSD encryption is utterly borked

SOLID STATE DRIVES are borked. Well, okay, they aren’t, but they aren’t as secure as we thought they were.

Researchers from Radboud University in the Netherlands have published a paper detailing several flaws that allow anyone with a mind to, to retrieve data from a flash disk, even if it’s supposedly encrypted.

In theory, at least, AES encryption should stop you from accessing data on a disc that isn’t plugged in to its home system.

But the researchers, Carlo Meijer and Bernard van Gastel, demonstrate that not only can the data be recovered, but there’s more than one way to do it:

“In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations,’ the researchers explain in the paper’s abstract. ‘In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”

But surely this only applies to cheap and nasty drives? Doesn’t it?

Well, actually, a world of no.

The experiment looked at top-of-the-range drives from the likes of Crucial (MX100, MX200, MX300) and Samsung (840 EVO, 850 EVO, T3, T5).  Yeah. Not good. Only the T3 and T5 (external) drives passed the test. The rest were vulnerable, some to non-cryptographic hacking, others completely laid bare.

“But that’s alright”, we hear you bluster, “there’s software encryption for that”.

Wrong for two reasons. One is that software encryption by its very nature will slow down system performance. The other is that software encryption often defaults to hardware encryption, assuming that it has your back and then stands down to avoid impacting your experience.

But surely this only applies to cheap and nasty drives? Doesn’t it?

No. No it doesn’t. BitLocker, the Microsoft encryption with each and every new copy of Windows does it. Meaning it is nigh on ashtray-on-a-motorbike usefulness. μ

Further reading

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend