Security News Flaws in self-encrypting SSDs let attackers bypass disk encryption

silversurfer

Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

The researchers' paper, titled "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)," can be downloaded in PDF format from here.
 
The two say that the SEDs they've analyzed allowed users to set a password that decrypted their data, but also came with support for a so-called "master password" that was set by the SED vendor.

Any attacker who read an SED's manual can use this master password to gain access to the user's encrypted password, effectively bypassing the user's custom password.

1. Implements hardware-assisted encryption because attackers were getting round software-level encryption because of techniques like credential theft in-memory.
2. Implements a master password and then has the cheek to actually document it for anyone to find in the manual.
3. Now the attackers do not have to do as much work.

