Hardware protection is one of the most important parts of today’s computing. It helps keep the system secure, leaving hackers and crooks as few options as possible to get at our valuable data. Recently, security researchers found flaws in popular SSDs that pose a serious threat to data protection.
Using flaws in modern, popular SSDs from Samsung and Crucial, security researchers were able to bypass the drives’ hardware encryption without a password. Carlo Meijer and Bernard van Gastel of Radboud University conducted the research.
They modified the firmware or used a debugging interface to change the password validation routine in the SSDs and ultimately decrypted “hardware encrypted” data without the password. The drives the test got data out of include the Crucial MX 100, MX 200 and MX 300 and the Samsung 840 EVO, 850 EVO, T3 Portable and T5 Portable.
According to the report, the researchers were able to reverse engineer the firmware of those SSDs. In theory, hardware encryption is similar to software implementations. In reality, many of the hardware implementations have critical weaknesses, and many models allow complete recovery of the data without knowledge of any secret.
Windows BitLocker is also affected by this issue, as it uses the drive’s hardware encryption by default.
How the flaw works
In the case of the Crucial MX 100, MX 200 and Samsung T3 Portable, the researchers used the device’s JTAG debugging interface to modify the password validation routine so that it allowed access to the data whether the password entered was right or wrong.
In the case of the Crucial MX 300, the researchers had to use modified firmware because the JTAG debugging interface was disabled by default. Once it was enabled, the same method gave access to the data without any problem.
The Samsung 840 EVO and 850 EVO SSDs were a bit more difficult to crack. Depending on the SED specification in use, the researchers had to connect to the JTAG debug port or make use of a wear-leveling issue, which allowed them to recover the cryptographic secrets required for unlocking the drive.
How to stay secure
The SSDs currently on the market aren’t secure enough to protect your data once crooks get their hands on the drive. Before you dispose of an SSD, make sure that it doesn’t contain any important data.
If you’re using BitLocker, make sure that you disable the hardware encryption feature in the “Group Policy Editor”.
Go to Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives >> Configure use of hardware-based encryption for operating system drives.
Change the value to “Disabled”.
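To check what the policy change above actually covers, the following PowerShell script (an added example, not from the original article or the researchers) reports the hardware-encryption policy state and lists BitLocker volumes whose encryption is still done by the drive. It goes beyond the operating system drive policy named above to the matching fixed and removable data drive policies. The registry value names are assumed to be what those policies write and do not appear in the article.

```powershell
#Requires -RunAsAdministrator
# Added example: audit whether BitLocker depends on the SSD's own encryption.
# Assumption: the "Configure use of hardware-based encryption ..." policies are
# stored as these DWORD values under the FVE policy key (0 = Disabled).
$fveKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policies = [ordered]@{
    'Operating system drives' = 'OSHardwareEncryption'
    'Fixed data drives'       = 'FDVHardwareEncryption'
    'Removable data drives'   = 'RDVHardwareEncryption'
}

# 1. Policy state. A missing key or value means the policy is not configured.
$fve = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
$policyReport = foreach ($entry in $policies.GetEnumerator()) {
    $name  = $entry.Value
    $value = if ($fve) { $fve.$name } else { $null }
    $state = if ($null -eq $value) { 'Not configured' } elseif ($value -eq 0) { 'Disabled' } else { 'Enabled' }
    [pscustomobject]@{ Scope = $entry.Key; RegistryValue = $name; State = $state }
}

# 2. Volume state. Get-BitLockerVolume reports EncryptionMethod as
#    HardwareEncryption when the drive, not Windows, performs the encryption.
$volumes = Get-BitLockerVolume |
    Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' } |
    Select-Object MountPoint, VolumeType, VolumeStatus, EncryptionMethod,
        @{ Name       = 'DriveDoesEncryption'
           Expression = { "$($_.EncryptionMethod)" -eq 'HardwareEncryption' } }

$policyReport | Format-Table -AutoSize
$volumes      | Format-Table -AutoSize

# 3. Flag volumes that remain exposed to the firmware flaws described above.
$exposed = @($volumes | Where-Object { $_.DriveDoesEncryption })
if ($exposed.Count -gt 0) {
    $list = $exposed.MountPoint -join ', '
    Write-Warning "Volumes still relying on the SSD's own encryption: $list"
    Write-Warning 'Disabling the policy does not convert them; decrypt and re-encrypt each one.'
}
```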