- Joined
- Oct 9, 2007
- Messages
- 47,311 (7.52/day)
- Location
- Hyderabad, India
System Name | RBMK-1000 |
---|---|
Processor | AMD Ryzen 7 5700G |
Motherboard | ASUS ROG Strix B450-E Gaming |
Cooling | DeepCool Gammax L240 V2 |
Memory | 2x 8GB G.Skill Sniper X |
Video Card(s) | Palit GeForce RTX 2080 SUPER GameRock |
Storage | Western Digital Black NVMe 512GB |
Display(s) | BenQ 1440p 60 Hz 27-inch |
Case | Corsair Carbide 100R |
Audio Device(s) | ASUS SupremeFX S1220A |
Power Supply | Cooler Master MWE Gold 650W |
Mouse | ASUS ROG Strix Impact |
Keyboard | Gamdias Hermes E2 |
Software | Windows 11 Pro |
Compared to hard disk drives, the logic that makes solid-state drives (SSDs) tick is far more complex, involving a far more powerful SoC, complete with native storage, and sophisticated firmware that tells the controller where each bit of user data is physically stored across an array of NAND flash chips. Not surprisingly, the more sophisticated you make your SSD firmware, the more security vulnerabilities you leave, as cyber-security researchers at The Radboud University found out.
A research paper draft published by Carlo Meijer and Bernard van Gastel tells us that hardware data encryption technologies built into modern SSDs are easy to bypass and recover protected data, rendering technologies such as TCG Opal useless. Most modern SSDs offer native data encryption, which encrypts data using popular methods such as AES, without posing an overhead for the host machine. "We found that many hardware implementations [of native encryption] have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret."
The team examines two of the most popular SSD brands, Crucial and Samsung, and their most popular client-segment products: MX100, MX200, MX300, 840 EVO, 850 EVO, T4, and T5 external. "For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys. A pattern of critical issues across vendors indicates that the issues are not incidental but structural,' the researchers argue while naming the TCG Opal standard as being extremely hard to implement correctly, 'and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved," the paper reads.
Shortly after the publication of this draft, Samsung responded with an online notice asking customers to immediately switch to software encryption methods to secure their data while it begins to figure out the research and possibly release firmware updates in the near future.
You can access the current draft of the research paper here (PDF).
View at TechPowerUp Main Site
A research paper draft published by Carlo Meijer and Bernard van Gastel tells us that hardware data encryption technologies built into modern SSDs are easy to bypass and recover protected data, rendering technologies such as TCG Opal useless. Most modern SSDs offer native data encryption, which encrypts data using popular methods such as AES, without posing an overhead for the host machine. "We found that many hardware implementations [of native encryption] have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret."
The team examines two of the most popular SSD brands, Crucial and Samsung, and their most popular client-segment products: MX100, MX200, MX300, 840 EVO, 850 EVO, T4, and T5 external. "For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys. A pattern of critical issues across vendors indicates that the issues are not incidental but structural,' the researchers argue while naming the TCG Opal standard as being extremely hard to implement correctly, 'and that we should critically assess whether this process of standards engineering actually benefits security, and if not, how it can be improved," the paper reads.
Shortly after the publication of this draft, Samsung responded with an online notice asking customers to immediately switch to software encryption methods to secure their data while it begins to figure out the research and possibly release firmware updates in the near future.
You can access the current draft of the research paper here (PDF).
View at TechPowerUp Main Site