A computer components & hardware forum. HardwareBanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » HardwareBanter forum » General Hardware & Peripherals » General
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Security flaws in widely used SSDs



 
 
Thread Tools Display Modes
  #1  
Old November 6th 18, 02:32 PM posted to alt.comp.hardware
Yrrah[_4_]
external usenet poster
 
Posts: 50
Default Security flaws in widely used SSDs

The author has marked this message not to be archived. This post will be deleted on November 20, 2018.

"Researchers at Radboud University in the Netherlands have discovered
that widely used data storage devices with self-encrypting drives do
not provide the expected level of data protection. A malicious expert
with direct physical access to widely sold storage devices can bypass
existing protection mechanisms and access the data without knowing the
user-chosen password.(...)
The models for which vulnerabilities have actually been demonstrated
in practice a
Crucial (Micron) MX100, MX200 and MX300 internal hard disks;
Samsung T3 and T5 USB external disks;
Samsung 840 EVO and 850 EVO internal hard disks.
It should be noted, however, that not all disks available on the
market have been tested. Specific technical settings (related to e.g.
"high" and "max" security) in which internal drives are used may
affect the vulnerability.(...)"
Mo
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
Detailed report:
https://www.ru.nl/publish/pages/909282/draft-paper.pdf

Shut down and disconnect your computer(s) NOW !!! ;-) ;-) ;-)


Yrrah


  #2  
Old November 6th 18, 11:27 PM posted to alt.comp.hardware
Paul[_28_]
external usenet poster
 
Posts: 833
Default Security flaws in widely used SSDs

Yrrah wrote:
"Researchers at Radboud University in the Netherlands have discovered
that widely used data storage devices with self-encrypting drives do
not provide the expected level of data protection. A malicious expert
with direct physical access to widely sold storage devices can bypass
existing protection mechanisms and access the data without knowing the
user-chosen password.(...)
The models for which vulnerabilities have actually been demonstrated
in practice a
Crucial (Micron) MX100, MX200 and MX300 internal hard disks;
Samsung T3 and T5 USB external disks;
Samsung 840 EVO and 850 EVO internal hard disks.
It should be noted, however, that not all disks available on the
market have been tested. Specific technical settings (related to e.g.
"high" and "max" security) in which internal drives are used may
affect the vulnerability.(...)"
Mo
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
Detailed report:
https://www.ru.nl/publish/pages/909282/draft-paper.pdf

Shut down and disconnect your computer(s) NOW !!! ;-) ;-) ;-)


Yrrah



https://www.tomshardware.com/news/cr...sed,38025.html

The scary part, is that Bitlocker defaults to using the drive
hardware encryption support, instead of doing its own crypt.
So if you selected BitLocker, thinking it "added" a layer, if
it detects the drive has hardware crypto, it uses that instead.

The Toms article mentions Veracrypt until the dust settles.

Paul
  #3  
Old November 7th 18, 09:35 AM posted to alt.comp.hardware
Anssi Saari
external usenet poster
 
Posts: 120
Default Security flaws in widely used SSDs

Yrrah writes:

It should be noted, however, that not all disks available on the
market have been tested. Specific technical settings (related to e.g.
"high" and "max" security) in which internal drives are used may
affect the vulnerability.(...)"


Yeah. I have some kind of Samsung OEM drive in my work laptop of which
it's fairly hard to find any information about. After some Googling, I
found the command line stanza to find out, manage-bde.exe -status which
indicates software encryption is in use. So, not vulnerable to this
specific issue.
  #4  
Old November 7th 18, 02:29 PM posted to alt.comp.hardware
Yrrah[_4_]
external usenet poster
 
Posts: 50
Default Security flaws in widely used SSDs

The author has marked this message not to be archived. This post will be deleted on November 21, 2018.

Paul :

"Researchers at Radboud University in the Netherlands have discovered
that widely used data storage devices with self-encrypting drives do
not provide the expected level of data protection. A malicious expert
with direct physical access to widely sold storage devices can bypass
existing protection mechanisms and access the data without knowing the
user-chosen password(...)"

Mo
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
Detailed report:
https://www.ru.nl/publish/pages/909282/draft-paper.pdf


https://www.tomshardware.com/news/cr...sed,38025.html

The scary part, is that Bitlocker defaults to using the drive
hardware encryption support, instead of doing its own crypt.
So if you selected BitLocker, thinking it "added" a layer, if
it detects the drive has hardware crypto, it uses that instead.

The Toms article mentions Veracrypt until the dust settles.


So do the Dutch researchers: "If sensitive data needs to be protected,
it is in any case advisable to use software encryption and not rely
solely on hardware encryption. One option is to use the free and open
source VeraCrypt software package, but other solutions do exist."
Also: "BitLocker, the encryption software built into Microsoft
Windows, can make this kind of switch to hardware encryption but
offers the affected disks no effective protection in these cases.
Software encryption built into other operating systems (such as macOS,
iOS, Android, and Linux) seems to be unaffected if it does not perform
this switch.
(first URL).
I haven't read their full report (second URL) with all the details. It
may be interesting.


Yrrah
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
AMD south bridge SB950 ( in Gigabyte 970A-DS3P rev 2.1 ) has 2 flaws [email protected] AMD x86-64 Processors 1 July 13th 18 01:01 PM
New York Times article on Vista flaws RnR Dell Computers 3 December 28th 06 05:36 AM
Flaws Are Detected in Microsoft’s Vista Sparky Spartacus Dell Computers 0 December 26th 06 07:57 AM
1 Jetway s940 mboard ( M2GT6-PTD ) is unstable & has design flaws TE Chea Nvidia Videocards 3 August 22nd 06 08:41 AM


All times are GMT +1. The time now is 05:55 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright ©2004-2018 HardwareBanter.
The comments are property of their posters.