Researchers from Radboud University in the Netherlands have announced a flaw that affects some SSDs that feature hardware-based security; the flaw could allow an attacker to completely bypass disk encryption. Bypassing the encryption would give the attacker full access to the local data without having to know the password for the disk. The researchers are clear that the flaw only affects certain SSD models that have hardware-based encryption.
SSDs with hardware-based encryption have specific chips inside that handle the task of encrypting and decrypting data. The vulnerabilities that researchers Carlo Meijer and Bernard van Gastel found are in the firmware of the SSDs. The duo says that the vulnerabilities they have discovered
Some drives the researchers looked at had improper implementations of ATA security and TCG Opal specifications. These faulty implementations meant that the user-chosen password and the disk encryption key weren't cryptographically linked. The researchers wrote, "Absence of this [cryptographically linking] property is catastrophic. Indeed, the protection of the user data then no longer depends on secrets. All the information required to recover the user data is stored on the drive itself and can be retrieved."
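A toy model of the property the researchers describe, as an added example that is not taken from the article or from the researchers' work: it contrasts stored state where the password only gates access with state where the disk encryption key (DEK) exists only wrapped under a password-derived key. The function names, the PBKDF2 parameters, the sample password and the XOR wrap (a stand-in for a real key wrap such as AES-KW) are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

def derive_keys(password: bytes, salt: bytes):
    """Derive a wrapping key and a MAC key from the user password."""
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, 50_000, dklen=64)
    return okm[:32], okm[32:]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def provision_unlinked(password: bytes):
    """Flawed model: the password only gates access; the DEK is stored as-is."""
    salt, dek = secrets.token_bytes(16), secrets.token_bytes(32)
    verifier, _ = derive_keys(password, salt)
    return {"salt": salt, "verifier": verifier, "dek": dek}, dek

def provision_linked(password: bytes):
    """Sound model: the DEK is stored only wrapped under a password-derived key."""
    salt, dek = secrets.token_bytes(16), secrets.token_bytes(32)
    wrap_key, mac_key = derive_keys(password, salt)
    wrapped = xor(dek, wrap_key)  # stand-in for a real key wrap (e.g. AES-KW)
    tag = hmac.new(mac_key, wrapped, "sha256").digest()
    return {"salt": salt, "wrapped_dek": wrapped, "tag": tag}, dek

def unlock_linked(state: dict, password: bytes):
    """Return the DEK, or None if the password does not match."""
    wrap_key, mac_key = derive_keys(password, state["salt"])
    expected = hmac.new(mac_key, state["wrapped_dek"], "sha256").digest()
    if not hmac.compare_digest(expected, state["tag"]):
        return None
    return xor(state["wrapped_dek"], wrap_key)

def dek_stored_in_clear(state: dict, dek: bytes) -> bool:
    """Audit check: does any persisted field equal the raw DEK?"""
    return any(hmac.compare_digest(v, dek) for v in state.values())

if __name__ == "__main__":
    pw = b"constructed-sample-password"  # constructed sample input
    bad, bad_dek = provision_unlinked(pw)
    good, good_dek = provision_linked(pw)
    print("unlinked: DEK readable from stored state:", dek_stored_in_clear(bad, bad_dek))
    print("linked:   DEK readable from stored state:", dek_stored_in_clear(good, good_dek))
    print("linked:   wrong password unlocks:", unlock_linked(good, b"guess") is not None)
```

In the unlinked model everything needed to decrypt is in the persisted state, which is the situation the quoted passage calls catastrophic; in the linked model the stored state is useless without the password.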
The duo admits that they have tested only a limited number of SSDs so far, but says the flaws they found worked on each of those drives. The drives tested in the research project include the Crucial MX100, Crucial MX200, Crucial MX300, Samsung 840 Evo, Samsung 850 Evo, Samsung T3, and Samsung T5.
Unfortunately, Windows users are more vulnerable than users of other operating systems because Windows BitLocker defers to the hardware-based encryption of the SSD, leaving the data unencrypted at the software level. With the vulnerabilities widespread among devices, the researchers have suggested that the TCG working group publish a reference implementation of Opal to aid developers and prevent this sort of issue in the future.