‘They put the keys to the safe under the safe’

UPDATED Hardware encryption in multiple solid-state drives (SSDs) might easily be bypassed, Dutch security researchers have discovered.

Researchers at Radboud University in the Netherlands found storage devices with self-encrypting drives from both Crucial (the consumer storage brand of Micron Technologies) and Samsung might be hacked to access the contents of drives without knowing a user-chosen password.

Both internal and external solid-state drives from Crucial and Samsung are affected by the security shortcoming.

The contents of drives can be decrypted without entering a password, but only in cases where hackers have physical access to a targeted (vulnerable) device.

Affected products - confirmed by the researchers as vulnerable - include the Crucial (Micron) MX100, MX200, and MX300 internal hard disks; Samsung T3 and T5 USB external disks; and Samsung 840 EVO and 850 EVO internal hard disks.

Hardware-based full-disk encryption from other vendors might also be affected but this has yet to be tested.

The researchers - Carlo Meijer and Bernard van Gastel - uncovered various serious security problems with multiple models of SSDs using publicly accessible information, around €100 ($115) worth of computer equipment, and a large dose of savvy computer skills.

The computer scientists were able to recover master passwords that gave access to encrypted data without recourse to the user-chosen password because of faulty implantation of the TCG Opal encryption standard on affected kit, among other problems.

Van Gastel told The Daily Swig that the researchers uncovered “multiple issues”.

“Missing cryptographic link between user password and the key to encrypt the disk is the easiest to explain one,” he explained. “The other one is wear-levelling in the management part, making it possible to retrieve an older block with the disk key unencrypted (factory default).”

Some of the affected devices have a factory-set master password, while others hold the encryption key on the hard drive, from where it can be harvested and subsequently abused.

“Basically, we found that they put the key to the safe under the safe,” van Gastel joked in a Twitter update related to his research.


Windows shops are more exposed to the problem than companies that rely more on Mac or Linux desktops.

BitLocker, the encryption software built into Microsoft Windows, falls back on hardware-based full-disk encryption if the SSD advertises support for it. Users of the affected SSDs who also happen to be running Windows are therefore left without and effective protection by default.

“Software encryption built into other operating systems (such as macOS, iOS, Android, and Linux) seems to be unaffected if it does not perform this switch,” the researchers report.

Whether BitLocker relies on hardware encryption or software encryption is set via the Group Policy. For business that rely on affected products, the default setting preferring hardware-based encryption needs to be changed so as to force software encryption. This is only a temporary workaround rather than a proper fix.

“This change does not solve the problem immediately, because it does not re-encrypt existing data,” the researchers explain. “Only a completely new installation, including reformatting the internal drive, will enforce software encryption.”

Security experts, such as cryptographer Matthew Green, were less than impressed by Microsoft’s design decision.

Hard truth

The researchers’ findings (pdf) undermine the conventional wisdom that hardware-based encryption offers superior protection than software-based encryption.

Business and consumers are advised not to rely on hardware encryption alone and to add software encryption, such as the free and open source VeraCrypt software package or similar alternatives, in order to safeguard their data.

The computer scientists went public with their findings (in part and omitting any proof-of-concept exploit) on Monday – a full six months after the affected vendors were informed (through the National Cyber Security Centre of the Netherlands) back in April.

US CERT pushed out an advisory on the research on Tuesday, urging business to review preliminary vendor advisories.

NCCIC encourages users and administrators to review Microsoft’s Security Advisory ADV180028 and Samsung’s Customer Notice regarding Samsung SSDs for more information and refer to vendors for appropriate patches and recommendations, when available.

Microsoft is advising customers to change system defaults to force software encryption on computers with self-encrypting drive. Samsung is advising businesses that rely on its SSD technology to install software encryption tools or (in the case of portable drives) to apply a firmware update.

Micron Technologies (the firm that owns the Crucial brand) told The Daily Swig it was preparing firmware updates to address the issue. It advised consumers are advised to use software-based encryption in the meantime.

"Micron is aware of the Radboud University researchers’ report describing a potential security vulnerability in Crucial MX100, MX200 and MX300 products as well as another manufacturer’s products," a spokesperson said.
"This vulnerability can only be exploited by an individual with physical access to the drive, deep technical SSD knowledge and advanced engineering equipment. Micron recommends software based encryption to provide additional protection against these vulnerabilities, and has also developed firmware updates to address vulnerabilities in the MX100, MX200 and MX300 products. The MX100 and MX200 firmware updates are available today on crucial.com and MX300 firmware will be added on November 13, 2018.
"Micron is committed to conducting business with integrity and accountability, which includes delivering best-in-class product quality, security, and customer support."

This article has been updated to add comment from Micron (Crucial).