Security researchers have found vulnerabilities in popular SSD drives. These make it possible to bypass the data encryption and read the encrypted data without the encryption key. Windows and its Bitlocker encryption are particularly affected. But there are solutions to avoid this weakness.
Security researchers discover an SSD vulnerability
Based on public information and using evaluation equipment valued at around €100, security researchers were able to decrypt SSD media without knowing the encryption keys. In other words, if you have access to an SSD, [in some circumstances] it doesn’t matter whether the data on it is encrypted or not. However, this only applies to hardware-based encryption, which is performed by the firmware of the SSD.
The security researchers Carlo Meijer and Bernard van Gastel from the Dutch Radboud University have just published their findings in a report (currently as a draft) entitled “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)”. This article on the university’s website summarizes the whole thing.
The security researchers explain that they were able to modify the firmware of the drives as required, because they could use a debugging interface to bypass the password validation routine in SSD drives. This requires physical access to an (internal or external) SSD. But the researchers were able to decrypt hardware-encrypted data without a password. The researchers write that they will not release any details in the form of a proof-of-concept (PoC) exploit.
The encrypted SSD has a master password that’s set to “”. But don’t worry, customers, you can turn it off! Everything will be fine. pic.twitter.com/hSlPCMyHsi
— Matthew Green (@matthew_d_green) November 5, 2018
Matthew Green tweeted the comment above, but that seems not to be true. The researchers simply read out the key from SSD storage cells, because it is located in ‘raw’ form on the SSD.
Some more details
The security researchers have issued a security advisory that reveals some more details. There are practically two different vulnerabilities:
- CVE-2018-12037: Based on the absence of a cryptographic link between the password provided by the end user and the cryptographic key used to encrypt user data.
- CVE-2018-12038: Based on the way key information is stored in the wear-levelling cells of SSDs. There, multiple write accesses to one logical sector can lead to write accesses to different physical sectors. When the end user sets a password, the unprotected key information at the logical level is overwritten with an encrypted variant. However, the unprotected key information may still be present in individual SSD cells.
The Samsung 840 EVO is affected by the latter vulnerability. Researcher Bernard van Gastel said: “The affected manufacturers were informed six months ago, in line with normal professional practices. The results are now being published so that the users of the SSDs concerned can adequately protect their data”. Researcher Carlo Meijer added: “This problem requires action, particularly from companies or consumers, who store sensitive data on these devices”.
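The first of the two issues above (CVE-2018-12037) can be illustrated with a small model. This is an added example, not code from the researchers or from any SSD firmware: the class names, the `flash` dictionary and the XOR masking (a simplified stand-in for a real key-wrap algorithm) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

def derive(password: bytes, salt: bytes) -> bytes:
    # 64 bytes: the first half masks the DEK, the second half authenticates the blob
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class UnboundDrive:
    """Flawed design: the data key (DEK) is stored as-is; the password only gates a comparison."""
    def __init__(self, password: bytes, dek: bytes):
        salt = os.urandom(16)
        self.flash = {"salt": salt, "pw_check": derive(password, salt), "dek": dek}

    def unlock(self, password: bytes) -> Optional[bytes]:
        ok = hmac.compare_digest(derive(password, self.flash["salt"]), self.flash["pw_check"])
        return self.flash["dek"] if ok else None

class BoundDrive:
    """Bound design: flash holds only the DEK wrapped under a password-derived key."""
    def __init__(self, password: bytes, dek: bytes):
        salt = os.urandom(16)
        k = derive(password, salt)
        wrapped = xor(dek, k[:32])  # toy wrap; real designs use a proper key-wrap mode
        tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
        self.flash = {"salt": salt, "wrapped_dek": wrapped, "tag": tag}

    def unlock(self, password: bytes) -> Optional[bytes]:
        k = derive(password, self.flash["salt"])
        tag = hmac.new(k[32:], self.flash["wrapped_dek"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.flash["tag"]):
            return None
        return xor(self.flash["wrapped_dek"], k[:32])

def dek_recoverable_from_flash(drive, dek: bytes) -> bool:
    """True if the raw DEK sits in what the drive persists, so no password is needed."""
    return dek in drive.flash.values()

if __name__ == "__main__":
    dek = os.urandom(32)  # constructed sample key
    for cls in (UnboundDrive, BoundDrive):
        d = cls(b"correct horse", dek)
        print(cls.__name__, "DEK readable from flash:", dek_recoverable_from_flash(d, dek),
              "| wrong password unlocks:", d.unlock(b"guess") is not None)
```

Both models reject a wrong password through `unlock()`, but only the bound design keeps the key confidential once the password check itself is no longer trusted.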
Popular SSDs affected
After the security researchers came across a potential security issue in the firmware of SSD drives, they wanted to know more. They purchased SSDs from Samsung and Crucial through regular retail channels to investigate the potential vulnerability. The result of this investigation was that the vulnerability could be practically demonstrated in the following SSD models:
- Crucial (Micron) MX100, MX200 and MX300 (internal hard disks);
- Samsung T3 and T5 USB external hard disks;
- Samsung 840 EVO and 850 EVO internal hard disks.
However, it should be noted that not all SSD hard drives available on the market have been tested. This means that other models may be affected.
Windows with Bitlocker is potentially unsafe
In Windows (e.g. Enterprise), drives can be encrypted using BitLocker. The encryption method for BitLocker is defined by a group policy. BitLocker can use a hardware or software encryption method for this purpose.
The problem: If supported, Bitlocker uses a hardware-based encryption method by default. Then the SSD drive or its firmware takes over the encryption and decryption. At first glance, this might be a good idea. But the implementation may put this approach at risk. With the current firmware implementation of the SSDs mentioned above, this means that the ‘encrypted’ data can be retrieved directly from the SSD using modified firmware and without knowledge of the key (which can be recovered, if necessary). The confidentiality that Bitlocker encryption is supposed to guarantee is no longer given.
Being earnest now: Microsoft trusting these devices to implement Bitlocker has to be the single dumbest thing that company has ever done. It’s like jumping out of a plane with an umbrella instead of a parachute.
— Matthew Green (@matthew_d_green) November 5, 2018
Security researcher Matthew Green has drawn a ‘picture’ of the situation within the tweet above. The security researchers from the Netherlands write that modern operating systems rely on software-based encryption for this reason. The software-based encryption integrated into other operating systems (such as macOS, iOS, Android and Linux) therefore does not seem to be impaired.
Software-based encryption as workaround
To prevent unauthorized persons who do not know the key from decrypting confidential data, the default GPO setting for Bitlocker needs to be changed for these SSD models so that only software-based encryption is used.
Unfortunately, according to the security researchers, it is not sufficient to change the group policy for Bitlocker, since existing data will then not be re-encrypted (by software). To be on the safe side with Bitlocker, the drive must be completely reformatted (and Windows must be reinstalled if necessary). According to security researchers, only a completely new installation, including reformatting the internal drive, will enforce software encryption.
The last paragraph isn’t completely true. According to my blog post Bitlocker on SSDs: Microsoft Security Advisory Notification (Nov. 6, 2018), Microsoft says that decrypting and re-encrypting a drive is sufficient to secure the data.
Alternatively, the security researchers suggest using the open source software package VeraCrypt to encrypt the data carrier. Details may be obtained from the documents linked above. Bleeping Computer and The Register also have articles about this.
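Before changing the policy and re-encrypting, it helps to know which volumes actually rely on the SSD's hardware encryption. The following added example (not from the original post or from Microsoft) parses the text printed by `manage-bde -status`. It assumes English-language output; the sample text is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `manage-bde -status` (English output assumed).
SAMPLE = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume E: [Scratch]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Encryption Method:    None
    Protection Status:    Protection Off
"""

def audit(status_text: str) -> dict:
    """Map each drive letter to 'hardware', 'software' or 'unencrypted'."""
    result, current = {}, None
    for line in status_text.splitlines():
        m = re.match(r"Volume ([A-Z]:)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+Encryption Method:\s+(.*\S)", line)
        if m and current:
            method = m.group(1)
            if method.startswith("Hardware Encryption"):
                result[current] = "hardware"   # confidentiality rests on the SSD firmware
            elif method == "None":
                result[current] = "unencrypted"
            else:
                result[current] = "software"   # BitLocker encrypts in the OS
    return result

def needs_reencryption(status_text: str) -> list:
    """Volumes to decrypt and re-encrypt once the policy enforces software encryption."""
    return sorted(v for v, kind in audit(status_text).items() if kind == "hardware")

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("Re-encrypt with software encryption:", needs_reencryption(SAMPLE))
```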
Addendum: Microsoft has published a security advisory about that topic, see my blog post Bitlocker on SSDs: Microsoft Security Advisory Notification (Nov. 6, 2018).