SSD (Solid State Drive) encryption is broken ...

rslade · ‎11-06-2018

Don't rely on the built-in encryption on SSD (Solid State Drive) storage devices. It's broken.

Not completely. The encryption itself seems to be fine. But the drives don't tie the keys to anything you do or provide (including your password), so they can be fooled into giving up your secrets to anyone.

Anyone who has physical access to a debug port, of course, so this attack is somewhat limited, but it's still not safe to put state secrets onto an SSD.

Oh, and Bitlocker? it relies on the built-in encryption on SSDs ...

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Shannon · ‎11-07-2018

US-CERT's report on this provides links to Microsoft Security Advisory, where it says 'Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption.'

Almost sounds like an attempt to assure customers that they needn't worry.

There's also a link to a customer notice on Samsung's website recommending the use of encryption software.

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz

solhuebner · ‎11-19-2018

There is a short article on how to enforce software encryption and how to re-encrypt: https://lifehacker.com/how-to-switch-to-software-encryption-on-your-vulnerable-1830289471