Self-encrypting solid state drives (SSDs) share a host of structural vulnerabilities - irrespective of manufacturer - that can allow an attacker to access data without any keys or passwords, according to new research from Radboud University in the Netherlands.
Against received wisdom, devices that perform encryption with the SSD itself through ATA security and TCG Opal encryption methods, rather than via software, are vulnerable to attack, the researchers write.
Hardware-based full-disk encryption was devised as a more secure alternative software-based methods after it emerged there were a number of inherent weaknesses with the latter, namely that encryption keys are present in RAM at all times.
Often considered a natural successor to software encryption, according to researchers Carlo Meijer and Bernard van Gastel, SSDs with this capability typically performing encryption via an AES coprocessor, and keep encryption keys on the device. The SSD's firmware then takes care of key management.
After considering a handful of possible flaws in hardware-based full-disk encryption, or self-encrypting drives (SEDs), the pair reverse-engineered the firmware of a sample of SSDs and tried to expose these vulnerabilities.
They learned that hackers can launch a range of attacks, from seizing full control of the CPU to corrupting memory - outlining their findings in a paper titled 'self-encrypting deception: weakness in the encryption of solid state drives (SSDs)'.
There are a host of exploits that can be used, such as cracking master passwords, set by the manufacturer as a factory default. These are routinely found in many SSDs, and if obtained by an attacker could allow them to bypass any custom password set by a user.
"The analysis uncovers a pattern of critical issues across vendors," Meijer and van Gastel wrote, outlining how in several models it is possible to bypass encryption entirely and recover data in full without the need for passwords or keys.
The paper found that several SSDs could be fully compromised, including Crucial's MX100, MX200, MX300 as well as Samsung's T3 and T5 hard drives. Samsung's 840 EVO and 850 EVO SSDs proved a shade more secure, meanwhile, but could still be manipulated.
Meanwhile, delegation of encryption by software to the physical drive itself, if the drive supports TCG Opal, paints a grim picture if the software encryption is bypassed by default, the paper continued.
This is the case with encryption software as BitLocker, which is built into Microsoft Windows. BitLocker opts to default to hardware-based encryption capabilities if this is detected, meaning many users who consciously opted for software encryption are unaware they are using hardware-based encryption - exposing them to the same threats.
The researchers also outlined a case study in which an attacker would seek to breach a locked Crucial MX300 drive with encryption via TCG Opal.
First, an attacker would install a modified firmware that includes read/write capabilities, and then, if encryption is performed via TCG Opal, would write executable code to bypass several layers of security, and access the data.
"The results presented in this paper show that one should not rely solely on hardware encryption as offered by SSDs for confidentiality," the paper recommended.
"We recommend users that depend on hardware encryption implemented in SSDs to employ also a software full-disk encryption solution, preferably an open-source and audited one.
"A pattern of critical issues across vendors indicates that the issues are not incidental but structural, and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved."
