Is your SSD drive open to hacking?
A research team has found an exploit that allows hackers to decrypt and view encrypted files on a number of well-known SSD drives.
They include
- Samsung T5 Portable
- Samsung T3 Portable
- Samsung 850 EVO
- Samsung 840 EVO
- Crucial MX 300
- Crucial MX 200
- Crucial MX 100
According to the research team
"We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret."
The team disclosed their findings to both Crucial and Samsung to give both of the companies an opportunity to prepare firmware updates and get them out to their clients.
Crucial has responded swiftly, offering firmware updates to all three of the impacted drives. Samsung's response has been a bit more sluggish. To date, they've released firmware updates for the T3 and T5 models. Apparently, though, the company has no plans to update their EVO drives, having issued a statement encouraging EVO users to opt for software encryption instead.
Unfortunately, there's another fly in the ointment. Windows' BitLocker software encryption will default to hard drive encryption if it finds it supported on a given drive. This means that BitLocker cannot be counted on as a viable software encryption solution. The same flaws that allow hackers access to the drives mentioned above will also allow them to circumvent BitLocker.
Our perspective
The bottom line is simply this: If you're relying on your SSD drive to secure your data, it may not be offering you as much protection as you had hoped, especially if you're currently using a Samsung EVO drive.
The author
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.
Denis S Wilson
I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.
I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.
Contact me if you would like me to speak at your meeting.
Meanwhile, check out this report
Executive Report: 10 Hidden IT Risks That Might Threaten Your Business
