Researchers Comment On SSD Drive Flaws and Their Exploitation Techniques

Decrypting hardware-encrypted drives isn't that difficult anymore. Researchers have found that SSDs are vulnerable to flaws that can be abused to bypass hardware disk encryption without the password.

Reportedly, the firmware of the solid-state drives was altered through a debugging interface, which changed the password verification procedure and allowed the hardware-encrypted data to be decrypted without a password.

The firmware of the SSDs was reverse engineered. The tests found that critical security errors exist in the hardware implementations. Many models allow the entire data to be recovered without knowledge of the secret information.

Popular, widely used SSDs were examined and analyzed with this method. A few models of the Crucial series, Samsung's EVO series, and the Samsung T5 and T3 Portable, to name a few, were tested to understand how the drives encrypt their data.

The flaws already found can be abused further where Windows BitLocker is in use, which makes it easy to bypass the hard drive encryption.

On drives where debug ports were available, the Security Self-Encrypting Drive (SED) standard was applied; otherwise the later version, the TCG Opal SED specification, was used. The researchers applied different techniques to different disks.

Samsung and the other organizations were duly informed about the flaws so that they had appropriate time to prepare suitable updates.

Samsung has released a firmware update for just the T3 and T5 drives, whereas updated firmware is available for the Crucial SSDs. The EVO drives must be used with software encryption.

On the Crucial MX 100 and 200 and the Samsung T3 portable SSD, the researchers connected to the JTAG debugging interface and altered the password validation process so that any password entered was accepted. The Crucial MX 300 was an exception because its debugging port was disabled on the drive.

The MX 300 was breached with an elaborate firmware modification that made it possible to decrypt the password or to authenticate with a null password.

The main techniques were connecting to the JTAG debugging interface, modifying the password validation process, and exploiting the wear-leveling issue, which makes it possible to obtain cryptographic unlock data that was in use some time earlier; which of these applies varies with the SED specification used. Samsung's 850 EVO doesn't have the aforementioned issue, and hence the password technique was used with it.

The problem with BitLocker is that its software decryption is super weak. Windows immediately detects an SSD with hardware encryption and makes it the default for users. Drives encrypted with BitLocker can hence be decrypted easily by exploiting the aforementioned flaws. The flaw is not officially known to exist.

The researchers suggest that users use Windows Group Policy to disable the use of hardware encryption by going to "Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives". The setting is called "Configure use of hardware-based encryption for operating system drives".

After these policies are changed, the drive must be entirely decrypted, and then BitLocker should be enabled.
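
The decrypt-and-re-enable steps above, as an added PowerShell example (not code from the article or the researchers). It uses the cmdlets of the built-in BitLocker module; the function names, the XtsAes256 method and the TPM key protector are choices made for this illustration and assume an operating system drive on a TPM-equipped Windows 10 machine with the Group Policy setting already applied.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. Assumes the Group Policy setting named
# above has been set to Disabled and refreshed (gpupdate) before running.

function Get-HardwareEncryptedVolume {
    # BitLocker volumes whose encryption is delegated to the SSD itself.
    Get-BitLockerVolume |
        Where-Object { "$($_.EncryptionMethod)" -like '*Hardware*' }
}

function Convert-ToSoftwareEncryption {
    # Hypothetical helper: decrypts fully, then enables BitLocker in software.
    param([Parameter(Mandatory)][string]$MountPoint)

    # Step 1: decrypt completely. Changing the policy alone does not
    # re-encrypt a volume that is already hardware-encrypted.
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    while ((Get-BitLockerVolume -MountPoint $MountPoint).VolumeStatus -ne 'FullyDecrypted') {
        Start-Sleep -Seconds 30
    }

    # Step 2: enable BitLocker again. The method and the TPM protector are
    # assumptions for this example (OS drive, TPM present, Windows 10).
    $params = @{
        MountPoint       = $MountPoint
        EncryptionMethod = 'XtsAes256'
        TpmProtector     = $true
        SkipHardwareTest = $true
    }
    Enable-BitLocker @params | Out-Null
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null

    # Step 3: verify the volume no longer relies on the drive's encryption.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ("$($vol.EncryptionMethod)" -like '*Hardware*') {
        throw "$MountPoint is still hardware-encrypted; check that the policy applied."
    }
    $vol | Select-Object MountPoint, EncryptionMethod, VolumeStatus, EncryptionPercentage
}

# Report affected volumes first; convert only after reviewing the list.
Get-HardwareEncryptedVolume |
    Select-Object MountPoint, VolumeType, EncryptionMethod, ProtectionStatus
# Get-HardwareEncryptedVolume |
#     ForEach-Object { Convert-ToSoftwareEncryption -MountPoint $_.MountPoint }
```

The data is unprotected between step 1 and the end of re-encryption, so record the new recovery password and keep the machine physically secured until `EncryptionPercentage` reaches 100.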
