BitLocker on self-encrypting SSDs blown; Microsoft encourages you to switch to software encryption
Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).
The paper (marked “draft”) explains how an attacker can decrypt a hardware-encrypted SSD without knowing the password. Due to a flaw in the way self-encrypting drives are implemented in firmware, a miscreant can get at all of the data on the drive, no secret needed. Günter Born reports on his Borncity blog:
The security researchers explain that they were able to modify the firmware of the drives in the necessary way, because they could use a debugging interface to bypass the password verification routine in SSD drives. It does require physical access to an (internal or external) SSD. But the researchers were able to decrypt hardware-encrypted data without a password. The researchers write that they will not release any details in the form of a proof of concept (PoC) for exploitation.
Microsoft’s BitLocker feature encrypts all the data on a drive. When you run BitLocker on a Win10 system with a solid state drive that has built-in hardware encryption, BitLocker relies on the self-encrypting drive’s own capabilities. If the drive doesn’t have hardware self-encryption (or you’re running Win7 or 8.1), BitLocker performs software encryption, which is less efficient, but still enforces password protection.

The hardware-based self-encryption flaw appears to be present on many, if not all, self-encrypting drives.

Microsoft’s solution is to decrypt any SSD that performs self-encryption, then re-encrypt it with software-based encryption. Performance takes a hit, but the data will be protected by software, not hardware.

For details on the re-encryption procedure, see ADV180028.

Published at Thu, 08 Nov 2018 00:08:00 +0000
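To find out which volumes on a Windows machine are in the affected state (BitLocker delegating to the drive's self-encryption rather than encrypting in software), here is an added audit script; it is my own example, not code from the article or from Microsoft. It assumes the BitLocker PowerShell module is present and that the hardware-encryption Group Policy settings live under the registry value names shown, which is my assumption and should be verified against your policy reference.

```powershell
# Added audit script (not from the article or from Microsoft): lists every BitLocker
# volume and flags those whose EncryptionMethod is 'Hardware', i.e. volumes relying on
# the SSD's own self-encryption that ADV180028 recommends re-encrypting in software.
# Requires the BitLocker PowerShell module (Windows 8 / Server 2012 and later) and an
# elevated prompt. Read-only: it reports, it does not decrypt or re-encrypt anything.
#Requires -RunAsAdministrator

function Get-HardwareEncryptedBitLockerVolume {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # EncryptionMethod is 'Hardware' when BitLocker delegated to the drive's
        # self-encryption; any AES/XTS value means software encryption is in use.
        $usesHardware = ($vol.EncryptionMethod -eq 'Hardware')
        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeType        = $vol.VolumeType
            ProtectionStatus  = $vol.ProtectionStatus
            EncryptionMethod  = $vol.EncryptionMethod
            HardwareEncrypted = $usesHardware
            Action            = if ($usesHardware) {
                                    'Decrypt, then re-encrypt with software encryption (see ADV180028)'
                                } else { 'No change needed' }
        }
    }
}

# Policy check: ADV180028 directs administrators to disable hardware-based BitLocker
# encryption through Group Policy. The registry value names below are an ASSUMPTION
# about where those policies are stored; confirm them against your GPO reference.
function Test-HardwareEncryptionPolicyDisabled {
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $names = 'OSHardwareEncryption', 'FDVHardwareEncryption', 'RDVHardwareEncryption'
    foreach ($name in $names) {
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Policy   = $name
            Value    = if ($null -eq $current) { 'not configured' } else { $current }
            Disabled = ($current -eq 0)   # 0 = hardware encryption disabled (assumed semantics)
        }
    }
}

Get-HardwareEncryptedBitLockerVolume  | Format-Table -AutoSize
Test-HardwareEncryptionPolicyDisabled | Format-Table -AutoSize
```

A volume reported as HardwareEncrypted = True is the case the advisory describes: it must be fully decrypted and re-encrypted after the policy is disabled, since changing the policy alone does not alter volumes that are already encrypted.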