(London, Nov 2018), Researchers at Radbound University in the Netherlands revealed that major flaws in some Solid State Drives (SSDs) allow an attacker to bypass the password-based authentication process and access encrypted data stored on the drives.
The researchers found that the data encryption keys used to secure data stored on the drives are not derived from the owner’s password, and that an attacker with physical access to the drives can reprogram the drives via a debug port in order to accept any password. Once the drives have been reprogrammed, the SSDs will use the stored Data Encryption Keys to encrypt and decrypt all stored data.
With questions now arising into just how safe hardware encrypted SSDs are, John Michael, CEO, iStorage Limited stated:
“This is an extremely worrying issue for anyone who has purchased such Self Encrypting SSDs believing that their data is encrypted and secure. According to researchers at Radbound...