Self-encrypting solid-state storage drives from Samsung and Crucial are open to tampering that would allow an attacker with physical access to harvest their data without knowing the user’s password, researchers have discovered.
Researchers at Radboud University in the Netherlands found that it’s possible to bypass existing protection mechanisms and access the data without knowing the user’s password. The issue affects both internal storage devices (in laptops, tablets and computers) and external storage devices (connected via a USB cable), across Mac, Linux and Windows systems.
There are two classes of vulnerabilities, both stemming from the use of the TCG Opal encryption standard. The first (CVE-2018-12037) has to do with the absence of cryptographic binding between the password provided by the end user and the cryptographic key used for the encryption of user data.
“As such, the confidentiality of the user data does not depend on secrets, and thus can be recovered by an attacker who has code execution on the drive’s controller (achievable through, e.g. JTAG, memory corruption, storage chip contents manipulation, and fault injection),” the researchers explained in their advisory [PDF], published Monday.
The second class of flaws (CVE-2018-12038) involves the information stored within a storage chip that has been wear-leveled – i.e., it has specific hardware tweaks meant to prolong the service life of the chip.
“Multiple writes issued to the same logical sector may result in writes to different physical sectors,” the researchers explained. “In the case of the end user setting a password, the unprotected key information is overwritten on a logical level with an encrypted variant. However, the unprotected key information may still exist within the storage chip.”
Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team, said in an emailed comment that as ever, a multilayered security approach should always be a best practice.
“Calling these devices encrypted is massively misleading,” he wrote. “Expecting a hard-drive maker to provide meaningful security of the data it stores is like letting the lunatics run the asylum. The best security protections are tiered and layered, and in this case, that means not relying on the drive to handle authentication, encryption and data storage all on its own.”
For both classes of flaws, the analysis team was able to carry out a successful data recovery attack. They aren’t releasing any details on the proof-of-concept, but they did say the attack required significant reverse-engineering to carry out. Because of the exploitation difficulty, the flaws are rated medium-severity. However, “there is a risk that the exploitation of these flaws will be automated by others, making abuse easier,” they said.
To address the problem, the researchers recommend implementing software encryption in addition to the solid-state storage drive’s (SSD) built-in encryption. However, they cautioned that users shouldn’t rely on Windows’ BitLocker mechanism, which automatically switches off if hardware encryption is present.
“Thus, for these drives, data protected by BitLocker is also compromised,” the researchers noted. They added, “For the affected models, the default setting must be changed so that only software encryption is used.”
That default change can be handled in Windows’ Group Policy settings – however, this won’t re-encrypt the data on any affected SSDs that are already deployed. So, for the installed base of SSDs, admins will need to completely re-install the storage devices, including reformatting the internal drives, to enforce BitLocker software encryption.
“This problem requires action, especially by organizations storing sensitive data on these devices,” said researcher Carlo Meijer, in a media statement. “And also by some consumers who have enabled these data protection mechanisms. But most consumers haven’t done that.”
The researchers confirmed that the flaws affect the Crucial (Micron) MX100, MX200 and MX300 internal hard disks; Samsung T3 and T5 USB external disks; and Samsung 840 EVO and 850 EVO internal hard disks. Other SSDs that use TCG Opal may be vulnerable, but they weren’t tested.
Both manufacturers were informed of the flaws in April by the National Cyber Security Centre (NCSC) of the Netherlands. Samsung has issued a firmware update for portable drives, but generally, firmware won’t address the issues, according to the research team.
“It is difficult to assess if future updates will correctly solve the issues,” they noted. “Therefore, we believe that updating drive firmware is not a proper alternative to using additional protection mechanisms such as software encryption.”