Breaking News

Asus hits Computex 2023 KIOXIA introduces next-generation UFS ver. 4.0 devices Ratchet & Clank: Rift Apart is coming to PC on July 26 NVIDIA RTX Transforming 14-Inch Laptops Introducing the THX certified Razer Hammerhead Pro HyperSpeed

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Researchers Discover Security Flaws in Samsung and Crucial SSDs

Researchers Discover Security Flaws in Samsung and Crucial SSDs

PC components Nov 7,2018 0

Researchers at Radboud University in the Netherlands have discovered that popular SSDs featuring self-encrypting technology do not provide the expected level of data protection.

A malicious expert with direct physical access to widely sold storage devices can bypass existing protection mechanisms and access the data without knowing the user-chosen password, the researchers said.

These flaws exist in the encryption mechanism of several types of solid state drives of two major manufacturers, namely Samsung and Crucial. The vulnerabilities occur both in internal storage devices (in laptops, tablets and computers) and in external storage devices (connected via a USB cable). The storage devices affected include popular models that are currently widely available.

The researchers say that if sensitive data needs to be protected, it is in advisable to use software encryption and not rely solely on hardware encryption. On computers running Windows, BitLocker provides software encryption, and data may not be secure.

The researchers identified these security issues using public information and SSDs. Although it is quite difficult to discover these problems from scratch, once the nature of the issues is known, there is a risk that the exploitation of these flaws will be automated by others, making abuse easier. The researchers at Radboud University of course will not release such an exploitation tool.

The models for which vulnerabilities have actually been demonstrated in practice are:

  • Crucial (Micron) MX100, MX200 and MX300 internal disks;
  • Samsung T3 and T5 USB external disks;
  • Samsung 840 EVO and 850 EVO internal disks.

On computers running Windows, a software component called BitLocker handles the encryption of the computer's data. In Windows, the kind of encryption that BitLocker uses (i.e. hardware encryption or software encryption) is set via the Group Policy. If available, standard hardware encryption is used. For the affected models, the default setting must be changed so that only software encryption is used. This change does not solve the problem immediately, because it does not re-encrypt existing data. Only a completely new installation, including reformatting the internal drive, will enforce software encryption. As an alternative to reinstallation, the VeraCrypt software package can be used.

Both manufacturers were informed of this security problem in April 2018 by the National Cyber Security Centre (NCSC) of the Netherlands. The university provided details to both manufacturers to enable them to fix their product. The manufacturers will provide detailed information to their customers about the affected models.

For non-portable Samsung SSDs, Samsung recommends installing encryption software (freeware available online). For portable SSDs, the company recommends updating the firmware on the SSDs.

There is no official response from Micron/ Crucial yet.

Tags: SSDsSAMSUNGCrucial Technologyencryption
Previous Post
Nokia Signs EUR 2 billion Frame Agreements With Chinese Operators
Next Post
LG G7 Fit Smartphone Brings Features From the G Series to a Wider Audience

Related Posts

  • Samsung Launches 2023 Smart Monitor Lineup Globally

  • Samsung Electronics Announces Most Advanced 12nm-Class DDR5 DRAM Has Started Mass Production

  • New One UI 5 Watch Shows First Look at Upcoming Galaxy Watch

  • Skin Temperature-Based Cycle Tracking Now Available on Galaxy Watch5 Series in 32 Countries

  • Samsung and AMD promise to deliver Future Mobile Platforms

  • Samsung 256GB MicroSD Pro Endurance

  • Samsung Announces Ultra-Wideband Chipset With Centimeter-Level Accuracy for Mobile and Automotive Devices

  • Samsung Announces Galaxy A54 5G and Galaxy A34 5G

Latest News

Asus hits Computex 2023
Enterprise & IT

Asus hits Computex 2023

KIOXIA introduces next-generation UFS ver. 4.0 devices
Enterprise & IT

KIOXIA introduces next-generation UFS ver. 4.0 devices

Ratchet & Clank: Rift Apart is coming to PC on July 26
Gaming

Ratchet & Clank: Rift Apart is coming to PC on July 26

NVIDIA RTX Transforming 14-Inch Laptops
GPUs

NVIDIA RTX Transforming 14-Inch Laptops

Introducing the THX certified Razer Hammerhead Pro HyperSpeed
Consumer Electronics

Introducing the THX certified Razer Hammerhead Pro HyperSpeed

Popular Reviews

Pioneer BDR-S13U-X Blu-Ray Recorder

Pioneer BDR-S13U-X Blu-Ray Recorder

EnGenius ECW230S AP

EnGenius ECW230S AP

Pioneer BDR-X13U-S

Pioneer BDR-X13U-S

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

Pioneer BDR-XD08UMB-S External Blu-Ray Recorder

be quiet! Pure Rock 2 FX

be quiet! Pure Rock 2 FX

be quiet! Pure Loop 2 FX (280mm)

be quiet! Pure Loop 2 FX (280mm)

Creative Zen Hybrid

Creative Zen Hybrid

be quiet! Silent Wings Pro 4

be quiet! Silent Wings Pro 4

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed