cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

SSD (Solid State Drive) encryption is broken ...

Don't rely on the built-in encryption on SSD (Solid State Drive) storage devices.  It's broken.

 

Not completely.  The encryption itself seems to be fine.  But the drives don't tie the keys to anything you do or provide (including your password), so they can be fooled into giving up your secrets to anyone.

 

Anyone who has physical access to a debug port, of course, so this attack is somewhat limited, but it's still not safe to put state secrets onto an SSD.

 

Oh, and Bitlocker?  it relies on the built-in encryption on SSDs ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
Shannon
Community Champion

US-CERT's report on this provides links to Microsoft Security Advisory, where it says 'Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption.'

 

Almost sounds like an attempt to assure customers that they needn't worry.  Man LOL

 

There's also a link to a customer notice on Samsung's website recommending the use of encryption software.

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
solhuebner
Newcomer II

There is a short article on how to enforce software encryption and how to re-encrypt: https://lifehacker.com/how-to-switch-to-software-encryption-on-your-vulnerable-1830289471