Are Some SSD Drives Susceptible To Hacking?

November 14, 2018

Written by wukovits

A research team has found an exploit that allows hackers to decrypt and view encrypted files on a number of well-known SSD drives.

They include:

  • Samsung T5 Portable
  • Samsung T3 Portable
  • Samsung 850 EVO
  • Samsung 840 EVO
  • Crucial MX 300
  • Crucial MX 200
  • Crucial MX 100

According to the research team:

“We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.  In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations.  In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”

The team disclosed their findings to both Crucial and Samsung to give both of the companies an opportunity to prepare firmware updates and get them out to their clients.

Crucial has responded swiftly, offering firmware updates to all three of the impacted drives.  Samsung’s response has been a bit more sluggish.  To date, they’ve released firmware updates for the T3 and T5 models. Apparently though, the company has no plans to update their EVO drives, having issued a statement encouraging EVO users to opt for software encryption instead.

Unfortunately, there’s another fly in the ointment.  Windows’ BitLocker software encryption will default to hard drive encryption if it finds it supported on a given drive. This means that BitLocker cannot be counted on as a viable software encryption solution.  The same flaws that allow hackers access to the drives mentioned above will also allow them to circumvent BitLocker.

The bottom line is simply this:  If you’re relying on your SSD drive to secure your data, it may not be offering you as much protection as you had hoped, especially if you’re currently using a Samsung EVO drive.

Used with permission from Article Aggregator

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.

Thank you for contacting Bayou Technologies. We'll be in touch soon!

Need help? support-icon