Microsoft Security Advisory for self-encrypting drives

[harlan4096]

Microsoft published the security advisory ADV180028, Guidance for configuring BitLocker to enforce software encryption, yesterday. The advisory is a response to the research paper Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) by the Dutch security researchers Carlo Meijer and Bernard von Gastel from Radboud University (PDF here).

The researchers discovered a vulnerability in Solid State Drives that support hardware encryption that enabled them to retrieve data from the encrypted drive without knowledge of the password used to encrypt the data on it.

The vulnerability requires local access to the drive as it is necessary to manipulate the firmware of it to access the data.

The security researchers tested several retail solid state drives that support hardware encryption and found the vulnerability in each of them including Crucial MX100, MX200 and MX3000, Samsung T3 and T5, and Samsung 840 Evo and 850 Evo drives.

Full reading: https://www.ghacks.net/2018/11/07/micros...ng-drives/