Flaws in self-encrypting SSDs let attackers bypass disk encryption

Researchers at Radboud University in the Netherlands today revealed vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

Such devices are also known as self-encrypting drives (SEDs) and have become popular in recent years after software-level full disk encryption was proven vulnerable to attacks where intruders would steal the encryption password from the computer's RAM.

But in a new academic paper published today, two Radboud researchers, Carlo Meijer and Bernard van Gastel, say they've identified vulnerabilities in the firmware of SEDs.

These vulnerabilities affect "ATA security" and "TCG Opal," two specifications for the implementation of hardware-based encryption on SEDs.

The two say that the SEDs they've analyzed allowed users to set a password that decrypted their data, but also came with support for a so-called "master password" that was set by the SED vendor...


Read more: Flaws in self-encrypting SSDs let attackers bypass disk encryption | ZDNet
 