Researchers discovered that internal and external SSDs made by Samsung and Crucial implement encryption INCORRECTLY. If you use them, your data is at risk!
Worse still, if you use these self-encrypting disks with Windows BitLocker turned on, it can give you a false sense of security. That’s because if BitLocker knows that the drive is self-encrypting, it will stop encrypting at the software level and let the hardware do it instead (incorrectly, in this case). So, to force BitLocker to do software-level encryption, your IT administrator must override the default configuration setting in Group Policy Editor.
The affected SSD storage products are:
- Crucial (Micron) MX100, MX200 and MX300 internal hard disks;
- Samsung T3 and T5 USB external disks;
- Samsung 840 EVO and 850 EVO internal hard disks.
Unfortunately, the encryption is done incorrectly at the hardware level and no software update can fix it. If you use any of these products, you have to treat your data as if they are unencrypted and re-encrypt them at the software level.
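To find out whether a machine is in this position, the read-only audit below reports the hardware-encryption policy state and lists the BitLocker volumes that currently rely on the drive's own encryption. It is an added example, not part of the original post; it assumes the BitLocker and Storage PowerShell modules are available and that the registry value names shown are the ones behind the Group Policy settings.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
# Assumption: these are the registry values behind the Group Policy settings
# "Configure use of hardware-based encryption for operating system /
# fixed data / removable data drives".
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyNames = 'OSHardwareEncryption', 'FDVHardwareEncryption', 'RDVHardwareEncryption'

function Get-HardwareEncryptionPolicy {
    foreach ($name in $policyNames) {
        $item  = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.$name } else { $null }
        if ($null -eq $value) { $state = 'Not configured' }
        elseif ($value -eq 0) { $state = 'Disabled: BitLocker uses software encryption' }
        else                  { $state = 'Enabled: hardware encryption allowed' }
        [pscustomobject]@{ Policy = $name; State = $state }
    }
}

function Get-HardwareEncryptedVolume {
    # Volumes where BitLocker has handed encryption over to the drive itself.
    Get-BitLockerVolume |
        Where-Object { "$($_.EncryptionMethod)" -eq 'HardwareEncryption' } |
        ForEach-Object {
            $model = $null
            if ($_.MountPoint -match '^([A-Za-z]):') {
                # Resolve the drive letter to the physical disk to show its model.
                $disk  = Get-Partition -DriveLetter $Matches[1] -ErrorAction SilentlyContinue |
                         Get-Disk
                $model = $disk.FriendlyName
            }
            [pscustomobject]@{
                MountPoint = $_.MountPoint
                Protection = $_.ProtectionStatus
                Method     = $_.EncryptionMethod
                DiskModel  = $model   # compare by hand with the affected models listed above
            }
        }
}

Get-HardwareEncryptionPolicy | Format-Table -AutoSize
Get-HardwareEncryptedVolume  | Format-Table -AutoSize
```

A volume listed by the second function stays hardware-encrypted after the policy is changed; it has to be fully decrypted and then encrypted again with BitLocker before software encryption takes effect.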
Taking a step back, I have long expressed reservations about self-encrypting storage devices in my book. Make no mistake, this discovery is only the beginning. More disk storage manufacturers will be found to have implemented encryption incorrectly in the months to come.
If you need advice on this issue, please feel free to contact us.