Hardware-based disk encryption can be bypassed in certain SSDs

Cal Jeffrey

Posts: 2,633   +614
Staff member

They successfully tested their exploits against the Crucial MX100, MX200, and MX300 SSDs as well as Samsung’s 840 EVO, 850 EVO, T3 Portable, and T5 Portable drives. The researchers say they were able to reverse engineer the firmware on these devices and reprogram them to validate the password no matter what is entered.

“We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”

What’s more, since Windows’ BitLocker software encryption defaults to hardware encryption when it is available, it can also be bypassed with the same methods.

There are three techniques that Meijer and van Gastel found to exploit these flaws.

With the Crucial MX100, MX200, the Samsung 850 EVO, and T3 Portable, they were able to able to physically connect to the drives’ JTAG debugging interface and modify the password verification checks. Any password typed in would decrypt the drive.

The Crucial MX300 also has a JTAG port, but they discovered it is disabled by default. So instead the researchers flashed the drive with a counterfeit firmware. This allowed them to authenticate with an empty password field.

With the remaining drives, they were able to recover data encryption keys (DEK) using a “wear leveling” exploit.

“Suppose that the DEK is stored unprotected, after which a password is set by the end user, replacing the unprotected DEK with an encrypted variant,” they explain. “Due to wear leveling, the new variant can be stored somewhere else within the storage chip and the old location is marked as unused. If not overwritten later by other operations, the unprotected variant of the DEK can still be retrieved.”

Crucial and Samsung were notified of the flaw well in advance of announcing it publicly. Crucial has already released patched firmware for all affected drives except the MX300, which has not been updated since 2017. Samsung also rolled out updates for its T3 and T5 Portable SSD. For its EVO drives, however, the company recommends using software encryption.

Meijer and van Gastel are preparing to publish a paper on the flaws titled “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs).” It is currently in the peer-review process, but if you’re into the nitty-gritty details, they have made a preliminary copy available for download on the Radboud University website.

Permalink to story.

 
Last edited:

Bullwinkle M

Posts: 380   +280
This is not news

I have been writing about this problem for years

I showed that Kingston thumb drives had static hardware encryption keys and I covered the problem before Bruce Schneier or anyone else did back in 2010

NEWSFLASH!
Bitlocker software encryption is also backdoored!
 
  • Like
Reactions: Vito05 and Reehahs

GreenNova343

Posts: 440   +330
Surprise, surprise: if you have full physical access to a storage drive, including the ability to take it apart & get to the internal components, you can eventually find a way around the encryption.
 
I

iamcts

You should automatically assume that any encryption method - whether software or hardware - is backdoored if it isn't open source.
 

Bullwinkle M

Posts: 380   +280
You should automatically assume that any encryption method - whether software or hardware - is backdoored if it isn't open source.
Always assume that hardware encryption is backdoored as there is no open source

For software, always assume that Microsoft, if forced, will provide the incorrect source code for a specific component of Windows, for a specific version of Windows

It's like the Mob....
Always keep a second set of books,...... just in case
 

jobeard

Posts: 13,984   +1,782
When physical security is breached (ie: direct access to the device), all bets are off for all known means of data protection. Now try the same stunt with the device properly install and a remote access vector -- when you repeat the results, THEN you will have a story to tell.