Multiple vulnerabilities discovered in self-encrypting drives

There are multiple vulnerabilities in the implementations of self-encrypting Solid-state Drives (SSDs).  Attackers can exploit vulnerabilities in ATA Security or TCG Opal Standards in Self-Encrypting Disks (SEDs) and decrypt contents of an encrypted drive.

According to the CERT Coordination Center (CERT/CC) advisory, two vulnerabilities in particular were called out as affecting multiple drive models.

Local security bypass vulnerability (CVE-2018-12037):

“There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user, allowing the attacker to decrypt information encrypted with that key.”

Models affected include*: 

  • Crucial (Micron) MX100, MX200 and MX300 drives
  • Samsung T3 and T5 portable drives
  • Samsung 840 EVO and 850 EVO drives (in “ATA high” mode these devices are vulnerable; in “TCG” or “ATA max” mode they are NOT vulnerable).

* According to National Cyber Security Centre – The Netherlands (NCSC-NL).

The other vulnerability (CVE-2018-12038) affects Samsung 840 EVO drives:

“Key information is stored within a wear-leveled storage chip. Wear-leveling does not guarantee that an old copy of updated data is fully removed. If the updated data is written to a new segment, old versions of data may exist in the previous segment for some time after it has been updated (until that previous segment is overwritten). This means that if a key is updated with a new password, the previous version of the key (either unprotected, or with an old password) could be accessible, negating the need to know the updated password.”

Other drives had not been tested at the time the advisory was published, but could be found vulnerable in the future as well.

Samsung provided a security advisory regarding its SSDs. For non-portable drives, Samsung recommends installing software-based encryption. For portable SSDs (T5 and T3 products), Samsung offers firmware updates, available through the Portable SSD Activation Software.

Microsoft also issued a security advisory (ADV180028) on configuring BitLocker to enforce software encryption in light of the SED vulnerabilities:

“Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs). Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption™. On Windows computers with self-encrypting drives, BitLocker Drive Encryption™ manages encryption and will use hardware encryption by default. Administrators who want to force software encryption on computers with self-encrypting drives can accomplish this by deploying a Group Policy to override the default behavior. Windows will consult Group Policy to enforce software encryption only at the time of enabling BitLocker.”

This affects multiple products and versions, including Windows 10, Windows Server 2012, 2016 and 2019, and more.
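Because the Group Policy override is only consulted when BitLocker is enabled, an administrator also needs to know which volumes are already relying on the drive's hardware encryption. The following audit script is an added example, not from the CERT/CC, Samsung or Microsoft advisories; the BitLocker policy registry value names it reads are taken from the BitLocker ADMX and are an assumption to verify against your own templates.

```powershell
# Audit BitLocker volumes for hardware (SED) encryption and report whether the
# "Configure use of hardware-based encryption" policy already forces software
# encryption for future enablement. Run from an elevated PowerShell session.
# Assumption: these value names match the BitLocker ADMX in your environment.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyValues = @{
    OperatingSystem = 'OSHardwareEncryption'   # operating system drives
    Data            = 'FDVHardwareEncryption'  # fixed data drives
}

function Get-HardwareEncryptionPolicy {
    param([string]$ValueName)
    $props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$ValueName) {
        # No policy written: BitLocker defaults to hardware encryption on SEDs.
        return 'NotConfigured (hardware encryption allowed by default)'
    }
    if ($props.$ValueName -eq 0) {
        # Policy set to Disabled: software encryption is enforced on enablement.
        return 'Disabled (software encryption enforced)'
    }
    return 'Enabled (hardware encryption allowed)'
}

$report = foreach ($vol in Get-BitLockerVolume) {
    # EncryptionMethod reports 'Hardware' when the SED, not Windows, holds the key.
    $usesHardware = $vol.EncryptionMethod -eq 'Hardware'
    $policyName   = $policyValues[[string]$vol.VolumeType]
    [pscustomobject]@{
        MountPoint        = $vol.MountPoint
        VolumeType        = $vol.VolumeType
        EncryptionMethod  = $vol.EncryptionMethod
        ProtectionStatus  = $vol.ProtectionStatus
        HardwareEncrypted = $usesHardware
        # Per ADV180028 the policy takes effect only when BitLocker is enabled, so
        # a volume already using hardware encryption keeps doing so until the
        # volume is decrypted and BitLocker is re-enabled under the new policy.
        Action = if ($usesHardware) { 'Re-enable BitLocker after policy applies' } else { 'None' }
        Policy = if ($policyName) { Get-HardwareEncryptionPolicy $policyName } else { 'n/a' }
    }
}

$report | Format-Table -AutoSize
```

Any row with HardwareEncrypted set to True is a volume whose data protection currently depends on the drive firmware rather than on BitLocker's own software encryption.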

How practical this solution (switching from hardware-based to software-based encryption) is for enterprises is likely another story, at least until a permanent fix or patch is made available.