Hackers can Break into your SSDs following a Serious Flaw

Solid State Drives (SSDs), one of the most reliable storage devices for PCs and laptops, have been found to have a flaw that lets hackers access the encrypted data without using a password.

The vulnerability affects SSD models that support hardware-based encryption. This type of encryption uses a built-in chip, separate from the main CPU, to carry out disk encryption operations.

Hackers were able to fetch the encryption password from the RAM of the computer.

Bernard Van Gastel and Carlo Meijer, the researchers who found this flaw, stated that it directly affects ATA Security and TCG Opal, the two specifications used to implement hardware-based encryption in self-encrypting drives (SEDs).

Although users set a custom password to access the encrypted data, this flaw allows hackers to break a master password that is set by the SED vendor. SED manuals already list the master password, so anyone can use it.

The best practice is to change the master password, because the main culprits behind this vulnerability are the way the standards were implemented and the master password.

Samsung and Crucial (Micron), whose SEDs were both tested during this research, immediately released firmware updates to fix the flaw.

Windows users are more exposed to this issue because BitLocker, the Windows software-level full-disk encryption system, does not encrypt the user's data in software when it detects a device that is capable of hardware-based encryption.
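To find out which volumes on a Windows host are relying on the drive's own encryption, the check below parses the output of `manage-bde -status` and classifies each volume by its "Encryption Method" line. It is an added example, not code from the researchers or the source article; the sample output is constructed and abbreviated, and the parser assumes English-language output.

```python
import re
import sys

# Constructed, abbreviated sample of `manage-bde -status` output (not from a real host).
SAMPLE = """\
Volume C: [Windows]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2

Volume D: [Data]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128

Volume E: [Scratch]

    Conversion Status:    Fully Decrypted
    Encryption Method:    None
"""

VOLUME_RE = re.compile(r"^Volume\s+(\S+:)")                # "Volume C: [Label]"
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+?):\s+(.*\S)\s*$")  # "    Name:    value"

def classify(method):
    """Map an 'Encryption Method' value to hardware / software / unencrypted."""
    m = method.lower()
    if m.startswith("hardware encryption"):
        return "hardware"  # BitLocker delegated encryption to the drive
    return "unencrypted" if m == "none" else "software"

def audit(text):
    """Return {volume: verdict}; 'unknown' if no Encryption Method line was seen."""
    results, current = {}, None
    for line in text.splitlines():
        vol = VOLUME_RE.match(line)
        if vol:
            current = vol.group(1)
            results[current] = "unknown"
            continue
        field = FIELD_RE.match(line)
        if current and field and field.group(1) == "Encryption Method":
            results[current] = classify(field.group(2))
    return results

if __name__ == "__main__":
    # Pipe real output in (manage-bde -status | python this_file.py) or run on the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for volume, verdict in audit(text).items():
        print(volume, verdict)
```

Volumes reported as `hardware` are the ones whose protection depends entirely on the drive firmware.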

The researchers recommend that SED users use a software-level full-disk encryption system, for example VeraCrypt.

Source: ZDNet, "Flaws in self-encrypting SSDs let attackers bypass disk encryption".