0

Some SSDs advertise support for “hardware encryption.” If you enable BitLocker on Windows, Microsoft trusts your SSD and doesn’t do anything. But researchers have found that many SSDs are doing a terrible job, which means BitLocker isn’t providing secure encryption.

Many SSDs Don’t Implement Encryption Properly

Even if you enable BitLocker encryption on a system, Windows 10 may not actually be encrypting your data. Instead, Windows 10 may be relying on your SSD to do it, and your SSD’s encryption may be easily broken.

That’s the conclusion from a new paper by researchers at Radbound University. They reverse engineered the firmwares of many solid-state drives and found a variety of issues with the “hardware encryption” found in many SSDs.

The researchers tested drives from Crucial and Samsung, but we definitely wouldn’t be surprised if other manufacturers had major issues. Even if you don’t have any of these specific drives, you should be concerned.

For example, the Crucial MX300 includes an empty master password by default. Yes, that’s right—it has a master password set to nothing, and that empty password gives access to the encryption key that encrypts your files. That’s crazy.

BitLocker Trusts SSDs, But SSDs Aren’t Doing Their Jobs

This wouldn’t normally matter—after all, who uses the hardware encryption on an SSD? Windows users would use BitLocker instead. And BitLocker encrypts the files before storing them on the SSD, right?

Read the remaining 22 paragraphs


Post a Comment Blogger

We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.

 
Top