Researchers from Radboud University Nijmegen in the Netherlands yesterday disclosed a pair of vulnerabilities in the hardware full-disk encryption mechanisms of self-encrypting solid state drives (SSDs) from Samsung and Crucial. The flaws are present in both internal and external storage devices from these manufacturers, and even affect Microsoft Windows environments that use BitLocker for full-disk encryption.
According to a report released by university researchers, the self-encrypting drives lack certain key defenses normally found in software full-disk encryption, including protections against physical attacks and malware-based data exfiltration. Consequently, attackers can exploit such deficiencies in order to bypass credentials-based protections and access the data inside the SSDs.
Samsung and Crucial were reportedly notified of these issues six months ago. "The results are being made public today so that users of the affected SSDs can protect their data properly," said researcher Bernard van Gastel, in a Radboud press release.
Firmware patches have been issued for some, but not all, devices in response to the discovery. The researchers say these updates are insufficient, and have expressed doubts that future updates will fix the issues. For this reason, the researchers recommend that users of the affected SSDs and BitLocker rely on a combination of hardware and software full-disk encryption (preferably using an open-source and audited solution), rather than relying exclusively on the former.
Alternatively, BitLocker users can enable software encryption instead of hardware encryption by executing an entirely new installation, erasing the internal drive and configuring the Group Policy to prohibit TCG Opal (a standard used for hardware encryption). Reconfiguring the policy without reinstalling is not an option for devices that have already been deployed.
"This problem requires action, especially by organisations storing sensitive data on these devices. And also by some consumers who have enabled these data protection mechanisms. But most consumers haven’t done that," said researcher Carlo Meijer, also in the release.
The researchers detected the flaws by reverse engineering the devices using less than 100 Euros worth of equipment. The first class of vulnerabilities, designated CVE-2018-12037, is described in the report as "the absence of cryptographic binding between the password provided by the end user and the cryptographic key used for the encryption of user data. As such, the confidentiality of the user data does not depend on secrets, and thus can be recovered by an attacker who has code execution on the drive’s controller."
Products confirmed to be affected are the Crucial (Micron) MX100, MX200 and MX300 internal hard disks; the Samsung T3 and T5 USB external disks; and the Samsung 840 EVO and 850 EVO internal hard disks (the last two are only at risk when the ATA security feature is set to high).
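The missing "cryptographic binding" described for CVE-2018-12037 can be shown with a small model. This is an added illustration, not code from the report or from any drive firmware: the record layouts, function names, PBKDF2 parameters and the XOR "wrap" (a stand-in for a real key-wrap algorithm) are all assumptions.

```python
import hashlib, hmac, secrets
from typing import Optional, Tuple

def kdf(password: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte key-encryption key (KEK); iteration count is illustrative."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# --- Unbound design (the flaw): password is only compared, DEK is stored as-is ---
def provision_unbound(password: bytes) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": kdf(password, salt), "dek": secrets.token_bytes(32)}

def unlock_unbound(record: dict, password: bytes) -> Optional[bytes]:
    ok = hmac.compare_digest(kdf(password, record["salt"]), record["verifier"])
    return record["dek"] if ok else None  # the check is policy, not cryptography

# --- Bound design: only the DEK wrapped under the password-derived KEK is stored ---
def provision_bound(password: bytes) -> Tuple[dict, bytes]:
    salt, dek = secrets.token_bytes(16), secrets.token_bytes(32)
    kek = kdf(password, salt)
    wrapped = xor(dek, kek)  # toy wrap standing in for a real key-wrap algorithm
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, dek

def unlock_bound(record: dict, password: bytes) -> Optional[bytes]:
    kek = kdf(password, record["salt"])
    tag = hmac.new(kek, record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, record["tag"]):
        return None  # wrong password yields a wrong KEK; the DEK cannot be recovered
    return xor(record["wrapped"], kek)

def stored_secrets(record: dict) -> set:
    """Everything readable from the stored record without knowing the password."""
    return set(record.values())

if __name__ == "__main__":
    weak = provision_unbound(b"correct horse")   # constructed sample password
    strong, dek = provision_bound(b"correct horse")
    print("unbound record exposes DEK:", weak["dek"] in stored_secrets(weak))
    print("bound record exposes DEK:  ", dek in stored_secrets(strong))
    print("bound unlock, wrong password:", unlock_bound(strong, b"guess"))
```

In the unbound layout the data-encryption key sits in storage regardless of the password, so the password check protects nothing once the record itself can be read; in the bound layout the stored material is useless without the password.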
Researchers say the other vulnerability, identified as CVE-2018-12038, affects the Samsung 840 and is "characterized by key information stored within a wear-leveled storage chip. As such, multiple writes issued to the same logical sector may result in writes to different physical sectors. In [the case of] the end user setting a password, the unprotected key information is overwritten on a logical level with an encrypted variant. However, the unprotected key information may still exist within the storage chip."
The academic researchers said that for both vulnerabilities they successfully carried out a data recovery attack as a proof of concept. The researchers did not investigate every brand and model of SSD, so their list of affected devices is not intended to be exhaustive.