Vulnerabilities in TCG OPAL hardware encryption

Discussion in 'other security issues & news' started by BoerenkoolMetWorst, Nov 5, 2018.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,162
    Location:
    Outer space
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,970
    Location:
    Here
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    3,426
    Location:
    Nebraska, USA
    Let's not overlook a key fact here. As noted in the article, on a few select drives (not the Samsung 840 and 850 EVO SATA models :()
    and,
    That's a BIG "IF", IMO.

    I am not minimizing the problem. I am just putting it back in perspective. A bad guy would have to have physical access to your computer and remove the drive without being noticed.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,644
    Well, if an adversary kidnaps you, or takes you into custody, there's no question about "being noticed" ;)
     
  5. Minimalist

    That's true but at the same time that is exactly a reason why I would use encryption in the first place.
     
  6. BoerenkoolMetWorst

    Also posted here:
    https://www.wilderssecurity.com/threads/vulnerabilities-in-tcg-opal-hardware-encryption.409910/

    Yes, physical access is needed, but protecting against physical access is the point of full disk encryption. If in your threat model you don't consider physical access a possibility, why use full disk encryption in the first place?

    Yes, a few select drives were found vulnerable, but those select drives are the only drives looked at by the research team. It could be that a lot more drives from other manufacturers are also vulnerable.

    Why would the bad guy need to remove the drive without being noticed?
    A bad guy could just remove the drive and recover your data.
     
    Last edited: Nov 5, 2018
  7. Bill_Bright

    I suppose. It depends on what sort of information you have on your computer. If someone is already in my home, they could easily find most of my personal information by going through my paperwork in my file cabinet and desk drawers. I keep all my passwords in a password manager/safe and that takes a totally different encryption key to open, so that would not be a problem.

    And of course, this SSD issue is just that - an SSD issue. For the majority who still store their data on hard drives without using BitLocker or other software-based encryption, they would be hosed anyway.

    The fact is, if someone is inside your home, they likely are looking for drug money and will just steal the whole computer and fence it.
    Huh? How about so I don't shoot both his knee caps to get his attention, then blow his head off because he got blood on my carpet? Or so the neighbors don't call the cops on him?
     
  8. BoerenkoolMetWorst

    True :argh:
    I assumed noticing it afterwards, not during. For example, in the case of software encryption, an attacker can perform an evil maid attack while the computer is left unattended and then needs you to enter the password so he can retrieve it. If you noticed the attacker or the altered boot sector, the attacker's plan failed.
    In another scenario an attacker might want to steal data from your encrypted drive, but may not want you to know he possesses that data. If he would just remove your drive and take it with him, you would know.
     
  9. Minimalist

    Microsoft issues a security advisory regarding a vulnerability in hardware encryption
    https://mspoweruser.com/microsoft-i...rding-a-vulnerability-in-hardware-encryption/
     