Security hole

If you use these self-encrypting disks, your data is NOT secure

Researchers discovered that internal and external SSDs made by Samsung and Crucial implement encryption INCORRECTLY. If you use them, your data is at risk!

Worse still, if you use these self-encrypting disks with Windows BitLocker turned on, it can give you a false sense of security. That's because if BitLocker knows that the drive is self-encrypting, it stops encrypting at the software level and lets the hardware do it instead (incorrectly in this case). So, to force BitLocker to do software-level encryption, your IT administrator must override the default configuration setting in Group Policy Editor.

The affected SSD storage products are:

  • Crucial (Micron) MX100, MX200 and MX300 internal SSDs;
  • Samsung T3 and T5 USB external disks;
  • Samsung 840 EVO and 850 EVO internal SSDs.

Unfortunately, the encryption is done incorrectly at the hardware level and no software update can fix it. If you use any of these products, you have to treat your data as if they are unencrypted and re-encrypt them at the software level.
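To find out which BitLocker volumes have handed encryption over to the drive, as described above, you can inspect the "Encryption Method" field of `manage-bde -status`. The following is an added example, not code from the original post: `Find-HardwareEncryptedVolume` is a hypothetical helper name, the sample output is constructed, and English-language `manage-bde` output is assumed.

```powershell
# Added example: flag BitLocker volumes that rely on the drive's own encryption.
# Find-HardwareEncryptedVolume is a hypothetical helper; it assumes the
# English-language text layout of `manage-bde -status`.
function Find-HardwareEncryptedVolume {
    param([Parameter(Mandatory)][string]$StatusText)

    $volume = $null
    foreach ($line in $StatusText -split "`r?`n") {
        if ($line -match '^Volume\s+(\S+)') {
            $volume = $Matches[1]              # drive letter, e.g. "C:"
        }
        elseif ($volume -and $line -match '^\s*Encryption Method:\s+(.+?)\s*$') {
            $method = $Matches[1]
            [pscustomobject]@{
                Volume           = $volume
                EncryptionMethod = $method
                # True when BitLocker delegated encryption to the drive firmware.
                HardwareOffload  = $method -like 'Hardware Encryption*'
            }
            $volume = $null                    # wait for the next "Volume" header
        }
    }
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Volume C: [OS]
[OS Volume]

    Size:                 237.87 GB
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Size:                 465.76 GB
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On
'@

# C: is reported as software-encrypted, D: as hardware-offloaded.
Find-HardwareEncryptedVolume -StatusText $sample | Format-Table -AutoSize

# On a live system, from an elevated prompt:
#   Find-HardwareEncryptedVolume -StatusText (manage-bde -status | Out-String)
```

A volume flagged with `HardwareOffload` stays hardware-encrypted after the Group Policy change until BitLocker is turned off on it and then turned on again.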

Taking a step back, I have long expressed reservations about self-encrypting storage devices in my book. Make no mistake, this discovery is only the beginning. More disk storage manufacturers will be found to have implemented encryption incorrectly in the months to come.

If you need advice on this issue, please feel free to contact us.

