| Submit your comments on this article |
| Science & Technology |
| Researcher break SSD security codes |
| 2018-11-06 |
| [TheRegister] Fundamental flaws in the encryption system used by popular solid-state drives (SSDs) can be exploited by miscreants to easily decrypt data, once they've got their hands on the equipment. A paper [PDF] drawn up by researchers Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands, and made public today, describes these critical weaknesses. The bottom line is: the drives require a password to encrypt and decrypt their contents, however this password can be bypassed, allowing crooks and snoops to access ciphered data. Basically, the cryptographic keys used to encrypt and decrypt the data are not derived from the owner's password, meaning, you can seize a drive and, via a debug port, reprogram it to accept any password. At that point, the SSD will use its stored keys to cipher and decipher its contents. Yes, it's that dumb. The egghead duo tested three Crucial and four Samsung models of SSDs, and found them more or less vulnerable to the aforementioned attack. All of them tried, and failed, to securely implement the TCG Opal standard of encryption. "The analysis uncovers a pattern of critical issues across vendors," according to the researchers. "For multiple models, it is possible to bypass the encryption entirely, allowing for a complete recovery of the data without any knowledge of passwords or keys." In particular, the researchers said, the SSDs fail to link the owner's password to the actual data encryption key (DEK), both of which are stored in the drive. The SSD's builtin processor and firmware are free to use the DEK whenever they like, but only choose to do so when the correct password is supplied. If the firmware is reprogrammed or manipulated by someone with physical access to the device's debug ports, it can be made to skip the password stuff, and go straight to using the DEK. Really, the DEK should in some way be derived from the owner's passphrase. No passphrase, no complete key. In reality, the SSDs cheat. What's more, many drives use a single DEK for the entire flash disk, even though they offer to secure different sections with different passwords. In practice, the Radboud duo say they were able to decrypt the data on a number of SSDs simply by connecting to the drive's debug interface on its circuit board, and modify the password-checking routine in the firmware to accept any passphrase before accessing the DEK to encrypt or decrypt the device. In other cases, the researchers could retrieve the keys by modifying the drive's firmware, or by exploiting a code injection vulnerability that would also allow an attacker to modify the password routine – both require physical access to the drive. |
| Posted by:badanov |
| #4 The standard says the encryption key should be based on the password. So it's not stored on the device. |
| Posted by: Bright Pebbles 2018-11-06 15:35 |
| #3 ...once they've got their hands on the equipment. What a Nothing Burger. If the Cypher and the Encrypted data are in the same object AND someone gets physical possession then the decyphering is a matter of time and resources. |
| Posted by: magpie 2018-11-06 11:40 |
| #2 Didn't really break them. The implementations were fundamentally flawed! The password was stored on the device and you merely needed to tell it to use the password. It's like storing the key for your front door in a bag saying "do not open". |
| Posted by: Bright Pebbles 2018-11-06 04:08 |
| #1 Just like when voting, looks like we need to go back to paper. |
| Posted by: Neville Dark Lord of the Wee Folk7365 2018-11-06 00:24 |