Major SSD hardware encryption flaws discovered

[Sakkura]

Dutch security researchers today released a paper detailing compromised security in the hardware encryption of several mainstream SSDs from companies like Crucial and Samsung. Several different serious implementation flaws were found.

 

Quote

Many companies now use full disk encryption for their computers, especially for laptops on the move. So while the usage of TrueCrypt has faded, especially when its open source developers gave up maintaining the code, it has been up to Microsoft BitLocker to take over and become the tool of choice for encrypting disk drives.

 

In some cases, the factory-set master password could still be used to unlock the drive despite being set to disabled, and worse, the master password consisted of an empty string (technically a 32-bit code containing 32 zeros). Meaning the drive is encrypted with no password - like a lock that doesn't require a key, just turning the handle.

 

Quote

The paper outlines that some SSD drives (including Samsung and Crucial) do not actually encrypt the data properly, and that they can be easily by-passed without a system password.

The manufacturers of the drives have been informed through ethical disclosure (in April 2018), and users are being asked to rely on software encryption rather than the embedded hardware encryption. A particular risk is Windows BitLocker — which has a virtual monopoly in the market place for complete disk encryption — as it often relies on the hardware encryption used in the SSD drives.

 

Microsoft Bitlocker is a particular problem, because it automatically relies on hardware encryption whenever a disk supports it. Users should therefore be relying on software encryption instead, and open-source and vetted applications like Veracrypt are recommended. Microsoft did not technically do anything wrong, but relying on the hardware vendors to properly implement encryption was clearly a bad idea in practice. If some of the biggest SSD brands are this negligent, who knows what the rest of the industry is like.

 

Quote

Conclusions

If you need to have full disk encryption, and you have an SSD drive, you just cannot trust hardware encryption. At least with software encryption the data is encrypted before it gets anywhere near your disk. A master password of “” (an empty string — or 32 NULL characters) is shocking, and negligence of the highest kind.

The researchers recommend using an open sourced (and auditable) software encryption method such as VeraCrypt, along with hardware encryption. VeraCrypt is based on the well-loved TrueCrypt open-sourced software distribution:

 

What can I say, this is a major-league fuckup that tarnishes the entire industry but especially the involved companies. Samsung's bad enough, but Crucial setting empty string master passwords is just inexcusably awful. In the case of the MX100 and MX200, the researchers only checked the three first vulnerabilities, testing more was pointless as security was already broken beyond repair.

 

Of course not everyone relies on full disk encryption, but for those who do, this is really bad news. Also note that ethical disclosure happened all the way back in April, yet the involved companies don't appear to have done much about it at this point (pending official responses).

 

 

Source: Prof Bill Buchanan (Medium post)

See also: The Register

[GoldenLag]

I guess you can say it has Zero flaws.....

[rawrdaysgoby]

So samsung and crucial are the only brands they tested according to the source anyways

[vanished]

Is there a full list of the models affected?

Edit: found this in the source

Edited November 5, 2018 by Ryan_Vickers

[Cyberspirit]

Damn, that's horrible and hilarious at the same time.

[bcredeur97]

crucial is a subsidary of Micron right? wonder if all Samsung/Micon based ssd's are affected

 

prob not as this is more like the fault of the maker of the driver controller which is usually the manufacturer of the drive... right?

[Sakkura]

2 minutes ago, Ryan_Vickers said:

Is there a full list of the models affected?

Only of the models tested - chances are many more models will be affected too.

 

Crucial MX100, MX200, MX300

Samsung 840 Evo, 850 Evo, T3, T5

Just now, bcredeur97 said:

crucial is a subsidary of Micron right? wonder if all Samsung/Micon based ssd's are affected

 

prob not as this is more like the fault of the maker of the driver controller which is usually the manufacturer of the drive... right?

Crucial is just the name Micron itself uses for its consumer-oriented products.

[themctipers]

bitlocker is there to prevent just anyone looking in for your data

veracrypt is there to properly encrypt it to make sure only you can see it

 

hardware encryption (as far as I know) is pretty pointless, only there to offload AVX instructions from the CPU onto the controller of the SSD
 

 

[vanished]

Just now, Sakkura said:

Only of the models tested - chances are many more models will be affected too.

 

Crucial MX100, MX200, MX300

Samsung 840 Evo, 850 Evo, T3, T5

Crucial is just the name Micron itself uses for its consumer-oriented products.

Makes me wonder if the newer 900 series from Samsung or the MX500 are affected or not

[Sakkura]

3 minutes ago, Ryan_Vickers said:

Makes me wonder if the newer 900 series from Samsung or the MX500 are affected or not

Yeah. The researchers may not have had access to an MX500 when they were originally working on this - it did launch a few months before they disclosed, but presumably they had been working on it for a while before that.

 

The 900 series uses NVMe rather than SATA, which should change how some of these things work. But definitely worth checking the encryption on them too.

 

I stole your pic for the OP by the way, hope you don't mind.

[vanished]

Just now, Sakkura said:

Yeah. The researchers may not have had access to an MX500 when they were originally working on this - it did launch a few months before they disclosed, but presumably they had been working on it for a while before that.

 

The 900 series uses NVMe rather than SATA, which should change how some of these things work. But definitely worth checking the encryption on them too.

 

I stole your pic for the OP by the way, hope you don't mind.

no that's fine It definitely should be in there somewhere

[Mira Yurizaki]

So when these encryption things ask for a key, where in the flying duck is it being used?

[79wjd]

5 minutes ago, M.Yurizaki said:

So when these encryption things ask for a key, where in the flying duck is it being used?

totally_not_a_plain_text_password.txt

and

this_definitely_is_not_the_password_you_are_looking_for.txt

 

Depending on the manufacturer and model.

[Sakkura]

Just now, James Evens said:

There is a more detailed list in the paper (linked on the medium site). 

Samsung drives seem to be a little bit better (or less worse?) then the crucial ones.

The Samsung drives seem to be like "normal" security flaws. The Crucial drives just have facepalm levels of terrible security.

 

Yeah I'm a little salty about my Crucial MX100, but at least I'm only using software encryption.

[AlTech]

Time to update SSD Firmware .

[mynameisjuan]

First SSH now this.

 

Pretty much every vulnerability coming to light now:

[Speed Weed]

I don't use Samsung encryption at all, but do you need to set up a password for it? Will your data locked if you forgot the password to decrypt it? 

[paddy-stone]

Well I guess at least some governments and civil authorities will be happy about that... they don't have to waste time asking for passwords or backdoors on those devices.

[Speed Weed]

1 minute ago, paddy-stone said:

Well I guess at least some governments and civil authorities will be happy about that... they don't have to waste time asking for passwords or backdoors on those devices.

Next will be IMac because IMac uses SSD as well. 

[Blademaster91]

6 minutes ago, Speed Weed said:

Next will be IMac because IMac uses SSD as well. 

The newer iMacs have their own proprietary encryption. Though I would have liked to see the Samsung 900 series nvme tested, particularly the pro version if it has any better protection than the evo drives.

[ZacoAttaco]

1 hour ago, Sakkura said:

Microsoft did not technically do anything wrong, but relying on the hardware vendors to properly implement encryption was clearly a bad idea in practice. If some of the biggest SSD brands are this negligent, who knows what the rest of the industry is like. 

So this whole time Microsoft Bitlocker is just utilizing the drive manufacturers own hardware encryption? It's all fine and well until something like this happens.

 

Could there be legal ramifications against Samsung and Crucial? Particularly from enterprise users? (I'm sure most would use a third-party for security and encryption but still)

[S w a t s o n]

Welp, I have an 850 evo and a T5 but I dont encrypt either so meh

[TetraSky]

So, to "fix" bitlocker, I just checked in gpedit and found the following options in

Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption

In there, there's three folders(Fixed, OS and Removable drives),  all three of them have "Configure use of hardware-based encryption for "fixed/OS/Removable" drive".

By default, it says it will use Hardware Encryption, but changing that setting to "Disable", it will use Software based encryption instead.

Spoiler

This policy setting allows you to manage BitLocker’s use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or writing of data to the drive.
 

If you enable this policy setting, you can specify additional options that control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with hardware-based encryption.
 

If you disable this policy setting, BitLocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when the drive is encrypted.
 

If you do not configure this policy setting, BitLocker will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available BitLocker software-based encryption will be used instead.
 

Note: The “Choose drive encryption method and cipher strength” policy setting does not apply to hardware-based encryption.
The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm configured on the drive to encrypt the drive.
The “Restrict encryption algorithms and cipher suites allowed for hardware-based encryption” option enables you to restrict the encryption algorithms that BitLocker can use with hardware encryption.
If the algorithm set for the drive is not available, BitLocker will disable the use of hardware-based encryption.
Encryption algorithms are specified by object identifiers (OID). For example:
- AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2
- AES 256 in CBC mode OID: 2.16.840.1.101.3.4.1.42

So, I'm guessing that changing that setting in all three folders, to Disable, means this issue is not longer an issue?

[Nexxus]

Well good thing I just got an 860 evo

[rcmaehl]

When @Sakkura beats you by 9 minutes on posting. Feels bad man.