Are Some SSD Drives Susceptible To Hacking?

November 14, 2018

Written by wukovits

A research team has found an exploit that allows hackers to decrypt and view encrypted files on a number of well-known SSD drives.

They include:

  • Samsung T5 Portable
  • Samsung T3 Portable
  • Samsung 850 EVO
  • Samsung 840 EVO
  • Crucial MX 300
  • Crucial MX 200
  • Crucial MX 100

According to the research team:

“We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.  In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations.  In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”

The team disclosed their findings to both Crucial and Samsung to give both of the companies an opportunity to prepare firmware updates and get them out to their clients.

Crucial has responded swiftly, offering firmware updates to all three of the impacted drives.  Samsung’s response has been a bit more sluggish.  To date, they’ve released firmware updates for the T3 and T5 models. Apparently though, the company has no plans to update their EVO drives, having issued a statement encouraging EVO users to opt for software encryption instead.

Unfortunately, there’s another fly in the ointment.  Windows’ BitLocker software encryption will default to hard drive encryption if it finds it supported on a given drive. This means that BitLocker cannot be counted on as a viable software encryption solution.  The same flaws that allow hackers access to the drives mentioned above will also allow them to circumvent BitLocker.

The bottom line is simply this:  If you’re relying on your SSD drive to secure your data, it may not be offering you as much protection as you had hoped, especially if you’re currently using a Samsung EVO drive.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.