SSD Encryption Bug Makes Microsoft’s BitLocker Useless

A major security vulnerability in the hardware encryption system of several Solid State Drives (SSDs) leads to additional problems for Windows users, breaking down the BitLocker feature bundled into the operating system.

The security flaw was discovered by Dutch security researchers Carlo Meijer and Bernard von Gastel from Radboud University and describe a method that relies on firmware reverse-engineering to access data without an encryption key.

The research paper shows that in some cases, drives can be accessed without any password, while in others, the only thing a potential hacker would need is to send an empty string as a password in order to decrypt the drive and access the stored data.

According to their findings, the flaw exists in several SSDs, including Crucial MX100, MX200 and MX300, as well as Samsung's T3 and T5, 840 EVO and 850 EV internal SATA SSDs.

Microsoft’s BitLocker ... (read more)

No comments:

Post a Comment