All storage devices that harbor sensitive information must be fully secure throughout their lifecycle. In fact, enterprises have a legal duty to their customers to protect their personally identifiable information. And with the average cost of a data leak climbing to almost four million dollars in 2018—and reputational damage being even more severe—there’s simply no reason not to make data security a top priority, particularly when it comes to SSD encryption.
Encryption is a widely used method of disguising data so that it can’t be accessed freely. Because it is believed to be an effective way of keeping sensitive data safe, many companies rely on encryption and cryptographic erasure to secure their assets.
But is encryption really secure? Perhaps not when it comes to your Solid-State Drives (SSDs).
Research from Radboud University has found vulnerabilities in the way some SSDs implement hardware encryption. These vulnerabilities can be used to break security systems that rely on SSD encryption. During testing, the researchers analyzed the situation in which an attacker has obtained a computer with BitLocker encryption and an SSD that supports hardware-based encryption. They found that in the tested devices, security relies on “security by obscurity”; that is, the systems are secure only as long as no-one knows how they work.
The tools used by the researchers to break SSD hardware encryption are easily available: JTAG debuggers start at about 50 dollars, and while a SATA analyzer may cost thousands of dollars, neither is hard to obtain. Worryingly, the research even goes as far as to provide step-by-step instructions on how the SSD hardware encryption can be broken.
What Does This Mean for Your SSDs?
The paper states that the security scheme on certain SSD devices “is essentially equivalent to no encryption, as the encryption key does not depend on secrets.” By modifying the password validation routine, the drive unlocks with any password, rendering the contents accessible. This applies to both ATA security and TCG Opal. Shockingly, the study also unearthed some grave vulnerabilities in drives from a major global drive manufacturer, wherein the encryption key used to access encrypted data was found to be identical across all drives built to the same specification.
While encryption is often an effective method of protecting sensitive data, a single bug in the implementation can clearly leave the entire system open to breach. Practicing stringent data sanitization across your SSD assets throughout their lifecycle adds an essential layer of security to your systems. Blancco’s patented SSD erasure utilizes two rounds of random overwrite in addition to a firmware command step to render data unrecoverable. This procedure ensures that data really is gone, even if the device encryption is compromised.
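The two findings quoted above (a data-encryption key that “does not depend on secrets”, and one key shared across a whole product line) and the sanitization argument in this paragraph can be made concrete with a small model. The Python below is an added example; it is not code from the original post, from Blancco, or from the Radboud researchers. It builds a toy self-encrypting drive two ways: one stores the DEK as-is behind a password check, the other stores the DEK only wrapped under a password-derived key. A design-review check then asks whether the DEK sits in persisted state at all, and a sanitization step compares discarding the key with overwriting the medium. The cipher (SHA-256 in counter mode as a stand-in for AES), the passwords, the sector contents and the “product-line” key are all constructed values; the firmware erase command that a real procedure issues after the overwrite passes has no offline equivalent and is only noted in a comment.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

SECTOR = 64  # constructed toy sector size; real drives use 512 or 4096 bytes


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode XORed over the data.
    Stand-in for the AES a real SED uses; it only has to make the
    key-management difference visible, not be a secure cipher itself."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_flash(dek: bytes, sectors: list) -> list:
    # per-sector nonce = sector index; XOR stream means this also decrypts
    return [keystream_xor(dek, n.to_bytes(4, "big"), s) for n, s in enumerate(sectors)]


@dataclass
class Drive:
    design: str         # "stored-dek" (key independent of secrets) or "wrapped-dek"
    stored_state: dict  # what the controller persists for its unlock routine
    flash: list         # ciphertext sectors


def provision(design: str, password: bytes, dek: bytes, sectors: list) -> Drive:
    flash = encrypt_flash(dek, sectors)
    if design == "stored-dek":
        # Password check only gates the *release* of a DEK stored in the clear.
        state = {"pw_hash": hashlib.sha256(password).digest(), "dek": dek}
    elif design == "wrapped-dek":
        # DEK exists on the medium only encrypted under a password-derived KEK.
        salt = os.urandom(16)
        kek = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
        wrapped = keystream_xor(kek, b"wrap", dek)
        tag = hmac.new(kek, wrapped, "sha256").digest()
        state = {"salt": salt, "wrapped_dek": wrapped, "tag": tag}
    else:
        raise ValueError(design)
    return Drive(design, state, flash)


def unlock(drive: Drive, password: bytes):
    """Controller's unlock routine: returns the DEK, or None on a bad password."""
    s = drive.stored_state
    if drive.design == "stored-dek":
        ok = hmac.compare_digest(s["pw_hash"], hashlib.sha256(password).digest())
        return s["dek"] if ok else None
    kek = hashlib.pbkdf2_hmac("sha256", password, s["salt"], 100_000)
    expected = hmac.new(kek, s["wrapped_dek"], "sha256").digest()
    if not hmac.compare_digest(expected, s["tag"]):
        return None
    return keystream_xor(kek, b"wrap", s["wrapped_dek"])


def stored_state_contains(drive: Drive, secret: bytes) -> bool:
    """Design-review check: does the DEK itself sit in persisted state, i.e.
    does the key fail to depend on any secret the user supplies?"""
    return any(v == secret for v in drive.stored_state.values())


def crypto_erase(drive: Drive) -> None:
    """Cryptographic erase: discard key material, leave the ciphertext in place."""
    for k, v in drive.stored_state.items():
        drive.stored_state[k] = bytes(len(v))


def overwrite_sanitize(drive: Drive, passes: int = 2) -> None:
    """Overwrite every addressable sector with random data, `passes` times.
    A real procedure then issues the drive's own firmware erase command so that
    over-provisioned and remapped blocks are also covered; not modelled here."""
    for _ in range(passes):
        drive.flash = [os.urandom(len(s)) for s in drive.flash]


def plaintext_recoverable(drive: Drive, dek: bytes, original: list) -> bool:
    """Would someone holding `dek` (e.g. a key shared across a product line)
    get the original data back from whatever is left on the flash?"""
    return encrypt_flash(dek, drive.flash) == original


def demo() -> dict:
    password = b"constructed-user-password"
    # Constructed stand-in for a DEK that is identical across every unit of a model.
    shared_dek = hashlib.sha256(b"constructed product-line dek").digest()
    data = [bytes([n]) * SECTOR for n in range(8)]  # constructed sector contents
    weak = provision("stored-dek", password, shared_dek, data)
    strong = provision("wrapped-dek", password, shared_dek, data)
    results = {
        "weak_state_holds_dek": stored_state_contains(weak, shared_dek),
        "strong_state_holds_dek": stored_state_contains(strong, shared_dek),
        "weak_unlock_ok": unlock(weak, password) == shared_dek,
        "strong_unlock_ok": unlock(strong, password) == shared_dek,
        "strong_wrong_pw_rejected": unlock(strong, b"wrong") is None,
    }
    crypto_erase(weak)
    results["after_crypto_erase_shared_key_recovers"] = plaintext_recoverable(weak, shared_dek, data)
    overwrite_sanitize(weak)
    results["after_overwrite_shared_key_recovers"] = plaintext_recoverable(weak, shared_dek, data)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two results worth reading together are the last ones: after a cryptographic erase the data is still recoverable by anyone who holds the shared key, because only the copy of the key on this unit was discarded, whereas after the overwrite passes the same key recovers nothing. That is the sense in which overwrite-based sanitization does not depend on the drive's encryption being sound.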
Discover how Blancco’s patented SSD erasure can strengthen your organization’s defenses against attack. Watch this video to understand how Blancco Drive Eraser overcomes data destruction issues in SSDs to ensure all data is permanently erased.