06 Nov SSD Bug Allows Attackers to Bypass Disk Encryption
Researchers at the Netherland’s Radboud University said this week that they have discovered flaws in some solid-state drives (SSDs) that can allow attackers to bypass the disk encryption feature and access the local data without needing the user-chosen disk encryption password.
One critical bug affects the “ATA security” and “TCG Opal,” specifications for the implementation of hardware-based encryption on SEDs. The researchers said that attackers can use the master password loaded by the vendor to access the user’s encrypted password. Users will only be safe if they either change the master password or configure the SED’s Master Password Capability setting to “Maximum,” which effectively disables it.
The researchers added that they also found a number of other flaws caused by the improper implementation of the ATA security and TCG Opal specifications.