Vulnerabilities in implementation of the encryption of SED(Self Encrypting Drive) SSD's have been found by researchers from the Radboud University in the Netherlands. News article is in Dutch, but the actual paper linked in the article is in English. https://www.security.nl/posting/585786/Ernstige lekken in zelfversleutelende ssd-schijven ontdekt
Let's not overlook a key fact here. As noted in the article, on a few select drives (not the Samsung 840 and 850 EVO SATA models ) and, That's a BIG "IF", IMO. I am not minimizing the problem. I am just putting it back in perspective. A bad guy would have to have physical access to your computer and remove the drive without being noticed.
Well, if an adversary kidnaps you, or takes you into custody, there's no question about "being noticed"
That's true but at the same time that is exactly a reason why I would use encryption in the first place.
Also posted here: https://www.wilderssecurity.com/threads/vulnerabilities-in-tcg-opal-hardware-encryption.409910/ Yes, physical access is needed, but protecting against physical access is the point of full disk encryption. If in your threat model you don't consider physical access a possibility, why use full disk encryption in the first place? Yes, a few select drives were found vulnerable, but those select drives are the only drives looked at by the research team. It could be that a lot more drives from other manufacterers are also vulnerable. Why would the bad guy need to remove the drive without being noticed? A bad guy could just remove the drive and recover your data.
I suppose. It depends on what sort of information you have on your computer. If someone is already in my home, they could easily find most of my personal information by going through my paper work in my file cabinet and desk drawers. I keep all my passwords in a password manager/safe and that takes a totally different encryption key to open, so that would not be a problem. And of course, this SSD issue is just that - an SSD issue. For the majority who still store their data on hard drives without using bitlocker or other software based encryption, they would be hosed anyway. The fact is, if someone is inside your home, they likely are looking for drug money and will just steal the whole computer and fence it. Huh? How about so I don't shoot both his knee caps to get his attention, then blow his head off because he got blood on my carpet? Or so the neighbors don't call the cops on him?
True I assumed noticing it afterwards, not during. For example, in the case of software encryption, an attacker can perform an evil maid attack while the computer is left unattended and then needs you to enter the password so he can retrieve it. If you noticed the attacker or altered boot sector, the attacker's plain failed. In another scenario an attacker might want to steal data from your encrypted drive, but may not want you to know he possesses that data. If he would just remove your drive and take it with him, you would know.
Microsoft issues a security advisory regarding a vulnerability in hardware encryption https://mspoweruser.com/microsoft-i...rding-a-vulnerability-in-hardware-encryption/
Windows 10’s BitLocker Encryption No Longer Trusts Your SSD September 27, 2019 https://www.howtogeek.com/442114/windows-10s-bitlocker-encryption-no-longer-trusts-your-ssd/
