Vulnerabilities in self-encrypting SSDs allow attackers to bypass disk encryption

Vendor master passwords and flawed implementations of the standards allow attackers to access encrypted data without knowing the user's password

Researchers in digital forensics and cybersecurity at Radboud University in the Netherlands have revealed vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the drive's encryption and read the data on it without knowing the user-chosen encryption password.

The vulnerabilities affect only SSD models that support hardware-based encryption, where the encryption is performed by the drive's own controller rather than by the host CPU.

These devices, also known as self-encrypting drives (SEDs), became popular after it was shown that software-level disk encryption was vulnerable to attacks in which the encryption key is recovered from the computer's RAM (cold boot attacks).

But in a recently published paper, researchers Carlo Meijer and Bernard van Gastel claim to have identified vulnerabilities in the firmware of these drives. The vulnerabilities affect 'ATA Security' and 'TCG Opal', the two specifications against which hardware-based encryption in SSDs is implemented.

The two experts explain that the drives they analyzed allowed users to set a password that unlocks their data, but also honored a so-called 'master password' set by the SSD vendor.

An attacker who looks up the vendor's default master password (they are printed in manuals and easy to find online) can use it to unlock the drive and read the user's encrypted data, bypassing the user-set password entirely, as long as that default has never been changed.

Users are protected only if they change the master password or set the drive's 'Master Password Capability' to 'Maximum'. In the default 'High' capability the master password can unlock the drive just like the user password; in 'Maximum' it can only be used to erase the drive, which effectively disables it as a way in.

But the master password problem was just one of several flaws the researchers found. They also found that, because of incorrect implementations of the TCG Opal specification, the user-chosen password and the actual disk encryption key (DEK) were not cryptographically linked: the firmware merely checks the password and then releases a DEK that is stored on the drive independently of it. In other words, an attacker who can read the key out of the controller (the researchers did so through the controller's debug interface and through modified firmware) can use it to decrypt the data without ever knowing the user's password. In a sound design the DEK is stored only wrapped under a key derived from the password, so it cannot be recovered from the drive alone.

“The absence of this property is catastrophic”, the researchers write. “In fact, the protection of user data no longer depends on a secret password. All the information needed to recover the user’s data is stored in the unit itself and can be retrieved”.
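What 'cryptographically linked' means in practice can be shown with a small model. The following Python is an added example, not code from the researchers or from any drive vendor: it contrasts a controller that stores the disk encryption key in the clear and merely checks a password hash before releasing it (the flawed design) with one that stores the key only wrapped under a key derived from the password. The HMAC-based key wrap and the PBKDF2 work factor are illustrative choices for a dependency-free script, not what any real drive uses.

```python
"""Added example (not code from the paper or any vendor firmware): two toy
'drive controllers' that show what 'cryptographically linked' means.  In the
unbound design the password is only a gate checked by firmware and the DEK
sits in the controller's storage in the clear.  In the bound design storage
holds only the DEK wrapped under a password-derived key, so dumping the chip
yields nothing usable without the password."""
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional

PBKDF2_ITERATIONS = 200_000  # assumption: illustrative work factor


def kek_from_password(password: bytes, salt: bytes) -> bytes:
    """Password -> key-encryption key (KEK) with PBKDF2-HMAC-SHA256 (stdlib)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS, dklen=32)


def wrap_key(kek: bytes, dek: bytes) -> bytes:
    """Toy authenticated key wrap: XOR the 32-byte DEK with an HMAC-derived
    keystream, then append an HMAC tag.  (Real SEDs use AES key wrap; this
    keeps the example free of third-party dependencies.)"""
    stream = hmac.new(kek, b"wrap-stream", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(kek, b"wrap-tag" + ct, hashlib.sha256).digest()
    return ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """Inverse of wrap_key; a wrong KEK (wrong password) fails the tag check."""
    ct, tag = blob[:32], blob[32:]
    expected = hmac.new(kek, b"wrap-tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered key blob")
    stream = hmac.new(kek, b"wrap-stream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class UnboundDrive:
    """The flawed design: firmware compares a password hash and, on success,
    releases a DEK that is stored in the clear in the controller's flash."""

    def __init__(self, password: bytes) -> None:
        salt = os.urandom(16)
        self.flash: Dict[str, bytes] = {
            "dek": secrets.token_bytes(32),           # the real secret, unprotected
            "pw_salt": salt,
            "pw_hash": hashlib.sha256(salt + password).digest(),
        }

    def unlock(self, password: bytes) -> bytes:
        h = hashlib.sha256(self.flash["pw_salt"] + password).digest()
        if not hmac.compare_digest(h, self.flash["pw_hash"]):   # the only 'gate'
            raise ValueError("wrong password")
        return self.flash["dek"]


class BoundDrive:
    """The sound design: the DEK exists in flash only wrapped under the KEK."""

    def __init__(self, password: bytes) -> None:
        dek, salt = secrets.token_bytes(32), os.urandom(16)
        self.flash: Dict[str, bytes] = {
            "salt": salt,
            "wrapped_dek": wrap_key(kek_from_password(password, salt), dek),
        }

    def unlock(self, password: bytes) -> bytes:
        # No comparison to bypass: the password IS the unwrap key.
        return unwrap_key(kek_from_password(password, self.flash["salt"]), self.flash["wrapped_dek"])


def attacker_reads_chip(flash: Dict[str, bytes]) -> Optional[bytes]:
    """An attacker who dumps the controller's storage.  Returns the DEK if it
    is usable without the password, otherwise None."""
    if "dek" in flash:
        return flash["dek"]            # unbound design: key is right there
    return None                        # bound design: only salt + wrapped blob


def unlock_or_none(drive, password: bytes) -> Optional[bytes]:
    """Helper: unlock attempt that reports failure as None instead of raising."""
    try:
        return drive.unlock(password)
    except ValueError:
        return None


if __name__ == "__main__":
    pw = b"correct horse battery staple"
    weak, good = UnboundDrive(pw), BoundDrive(pw)
    print("unbound: DEK from chip dump matches real DEK:", attacker_reads_chip(weak.flash) == weak.unlock(pw))
    print("bound:   DEK from chip dump:", attacker_reads_chip(good.flash))
```

In the unbound model the password check is dead weight: whoever can read (or patch) the controller gets the key. In the bound model there is no check to skip, because without the password the key-encryption key cannot be derived and the wrapped blob is just random bytes.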

Because they had limited access to drives, Meijer and van Gastel tested their findings on only a small number of devices, but report that every device they tested proved to be vulnerable.

They tested both internal and external (USB-attached) SSDs with hardware encryption support, and believe that models from many other vendors may be affected by the same mistakes.

Crucial and Samsung, two of the companies whose drives were analyzed, have already released firmware updates for the affected models.

According to digital forensics experts from the International Institute of Cyber Security, the problems can be especially dangerous for Windows users because of the default behavior of BitLocker, the software-level disk encryption built into Windows.

According to the researchers, whenever BitLocker detects a drive that advertises hardware encryption, it defers the encryption to the drive and does not encrypt the data at the software level at all, so the data on an affected SSD is exactly as exposed as the drive's firmware leaves it. Windows users can check which mode is in use with 'manage-bde -status': an 'Encryption Method' of 'Hardware Encryption' means BitLocker is relying on the drive. To switch to software encryption, set the Group Policy 'Configure use of hardware-based encryption for fixed data drives' (and its operating system drive counterpart) to Disabled, then decrypt and re-encrypt the volume; changing the policy alone does not re-encrypt data already on the drive.
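The two checks a practitioner would want after reading this (the ATA master password capability on a drive, and whether BitLocker is relying on the drive's hardware encryption) can be scripted from tool output. The following Python is an added example, not code from the researchers or from any vendor: it parses the Security section of 'hdparm -I' output and the output of 'manage-bde -status', both taken from constructed sample text embedded in the script, and flags the risky combinations. The reading of the master password revision code (65534, i.e. FFFEh, meaning the vendor default has never been changed) follows the ATA specification; the field names and layout are as the two tools print them but should be verified against your versions.

```python
"""Added example (not from the researchers or any vendor): audit the two
settings discussed above from tool output.  The sample outputs are constructed
for this example; on a real system feed the tools' actual output in."""
import re
from typing import Dict, List, Optional

# Constructed sample of the Security section of `hdparm -I /dev/sdX`.
SAMPLE_HDPARM = """\
Security: 
\tMaster password revision code = 65534
\t\tsupported
\t\tenabled
\tnot\tlocked
\tnot\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\tSecurity level high
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 500a0751e0c0ffee
"""

# Constructed sample of `manage-bde -status` (tool header lines omitted).
SAMPLE_MANAGE_BDE = """\
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
"""

MASTER_PW_FACTORY_DEFAULT = 65534  # FFFEh: master password never changed since manufacture


def assess_ata_security(hdparm_output: str) -> Dict[str, object]:
    """Parse the ATA Security block and decide whether the master password can unlock."""
    flags: Dict[str, bool] = {}
    level: Optional[str] = None
    master_rev: Optional[int] = None
    in_section = False
    for raw in hdparm_output.splitlines():
        if raw.startswith("Security:"):
            in_section = True
            continue
        if not in_section:
            continue
        if raw and not raw[0].isspace():
            break                                  # next top-level section
        line = re.sub(r"\s+", " ", raw).strip()    # collapse hdparm's tabs
        if (m := re.match(r"Master password revision code = (\d+)", line)):
            master_rev = int(m.group(1))
        elif (m := re.match(r"Security level (\w+)", line)):
            level = m.group(1).lower()
        elif (m := re.match(r"(not )?(supported|enabled|locked|frozen)$", line)):
            flags[m.group(2)] = m.group(1) is None
    enabled = flags.get("enabled", False)
    master_default = master_rev == MASTER_PW_FACTORY_DEFAULT
    # Level 'high' (the default) lets the master password unlock the drive;
    # 'maximum' restricts it to erasing.
    master_can_unlock = enabled and level == "high"
    if not enabled:
        verdict = "ATA security not enabled: no password protection at this layer"
    elif master_can_unlock and master_default:
        verdict = "EXPOSED: vendor default master password can unlock this drive"
    elif master_can_unlock:
        verdict = "master password can unlock (level high): keep it secret or set level maximum"
    else:
        verdict = "master password limited to erase (level maximum)"
    return {"enabled": enabled, "level": level, "master_revision": master_rev,
            "master_default": master_default, "master_can_unlock": master_can_unlock,
            "verdict": verdict}


def bitlocker_hardware_volumes(status_output: str) -> List[str]:
    """Volumes whose 'Encryption Method' is the drive's own hardware encryption,
    i.e. where BitLocker adds no software-level protection of its own."""
    hw: List[str] = []
    current: Optional[str] = None
    for line in status_output.splitlines():
        if (m := re.match(r"Volume ([A-Z]:)", line)):
            current = m.group(1)
        elif (m := re.match(r"\s*Encryption Method:\s*(.+)", line)):
            if current and m.group(1).startswith("Hardware Encryption"):
                hw.append(current)
    return hw


if __name__ == "__main__":
    print(assess_ata_security(SAMPLE_HDPARM)["verdict"])
    print("BitLocker volumes relying on the drive:", bitlocker_hardware_volumes(SAMPLE_MANAGE_BDE))
```

On the ATA side, the remediation is the one the article describes: set a user password at security level maximum (hdparm exposes this as '--security-mode m' together with '--security-set-pass'; confirm the flag names against the hdparm(8) page for your version before touching a drive, since a mistake can lock it). On the Windows side, any volume the second function reports should be decrypted and re-encrypted in software mode after the relevant BitLocker Group Policy has been disabled.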