Crucial and Samsung SSDs' Encryption Is Easily Bypassed

Researchers from Radboud University in The Netherlands reported today their discovery that hackers could easily bypass the encryption on Crucial and Samsung SSDs without the user’s passwords. The researchers also pointed at Microsoft for defaulting to using these broken encryption schemes on modern drives.

The Dutch researchers reverse-engineered the firmware of multiple drives and found a “pattern of critical issues." In one case, the drive’s master password used to decrypt data was just an empty string, which means someone would have been able to decrypt it by just pressing the Enter key on their keyboard. In another case, the researchers said the drive could be unlocked with “any password” because the drive’s password validation checks didn’t work.

The drives the researchers found to be plagued by these encryption issues include: Crucial’s MX100, MX200 and MX300 SSDs, Samsung’s T3 and T5 portable SSDs and the popular Samsung 840 EVO and 850 EVO SSDs. The researchers noted that the issues likely affect many more products from the two companies’ SSD lineups, considering most if not all of them share the same firmware.

Microsoft’s BitLocker Partly to Blame

It’s bad enough that Crucial and Samsung have done poor jobs of protecting the decryption key (or even creating one to begin with, in some cases). However, drive encryption has never been that good, and researchers suggested Microsoft should have known better.

They said Microsoft shares some of the blame for Windows user data that can easily be stolen from their encrypted drives by people with access to the users’ laptops. That’s because Microsoft’s BitLocker, which is available only on Professional, Enterprise and Education editions of Windows 10, uses the drive’s own encryption by default instead of its own. In other words, BitLocker is mostly just an intermediary interface for modern drive’s own encryption. It doesn't do much else on its own.

Cryptography Professor Matthew Green called Microsoft’s decision to trust device maker’s own encryption schemes “the single dumbest thing that company has ever done" via Twitter.

A Call for Open-Source Encryption Schemes

The researchers also blamed the drive makers for using proprietary encryption schemes that tend to be much weaker in practice than well-known open source solutions. The drive makers weren’t even publishing their proprietary encryption schemes, which is why the researchers had to reverse-engineer the software.

The researchers recommended users use the open-source and audited VeraCrypt software instead of the proprietary BitLocker or custom and unproven SSD drive encryption schemes. The researchers concluded there is no point in using the encryption options provided by these drives. They argue that's because on one hand software solutions such as VeraCrypt are simply better and more secure, and on the other hand, the encryption acceleration offered by the SSDs is unnecessary because the AES-NI encryption acceleration found on most processors has become mainstream. AES-NI offers the same hardware acceleration as the drive’s own crypto accelerators do.

In an advisory, Samsung also told consumers to install encryption software available online to avoid “potential breach of self-encrypting SSDs.” Meanwhile, Micron, the owner of the Crucial SSD brand, said that it will issue a firmware update for its drives in the future, but didn’t provide a schedule.

Create a new thread in the News comments forum about this subject
11 comments
Comment from the forums
    Your comment
  • Brian28
    No wonder the FBI never raised a stink about hard drives like they did with the iPhone.
  • cryoburner
    Logically, the encryption used in all drives probably has a backdoor, just some companies do a better job hiding it than others.

    Quote:
    They said Microsoft shares some of the blame for Windows user data that can easily be stolen from their encrypted drives by people with access to the users’ laptops. That’s because Microsoft’s BitLocker, which is available only on Professional, Enterprise and Education editions of Windows 10, uses the drive’s own encryption by default instead of its own.

    Well, that makes sense. Software encryption tends to create additional performance overhead, and CPU acceleration for it is only common in newer CPUs from the last 5 to 7 years or so, while companies will likely have a lot of older hardware in use, so if the drives themselves are already offering to handle it on their own, it's reasonable for Microsoft to let them do so. If some of the drives in question have poor locks on the doors, that's hardly Microsoft's fault. They're simply providing an interface to access it. And do you really think that if they used their own software encryption, that it wouldn't have a backdoor? Perhaps they would do a better job disguising the entrance to keep the common riffraff out, but I wouldn't expect much more than that. The same goes for this open-source software these researchers are recommending. You can bet that various groups around the world have spent billions compromising software like that.
  • xrodney
    Well as I did find out accidentaly even Home version of W10 does have bitlocker or some other tool and might come as enabled.
    Wanted update Bios and FW on Yoga 920 and it failed with status that disk is encrypted.

    W10 Home are missing menu and option in control panel but still have command line tool: manage-bde -status
    This showed disk as 100% encrypted and I had to decrypt it (took about 2 hours for 256GB SSD) before rerun FW update tool.