Security hole

Researchers discovered that internal & external SSD storage made by Samsung and Crucial do encryption INCORRECTLY. If you use them, your data is at risk!

Worse still, if you use these self-encrypting disks with Windows’s BitLocker turned on, it can give you a false sense of security. That’s because if BitLocker knows that the drive is self-encrypting, it will stop doing encryption on the software level and let the hardware do it instead (incorrectly in this case). So, to force BitLocker do software-level encryption, your IT administrator must overwrite the default configuration setting in Group Policy Editor.

The affected SSD storage products are:

  • Crucial (Micron) MX100, MX200 and MX300 internal hard disks;
  • Samsung T3 and T5 USB external disks;
  • Samsung 840 EVO and 850 EVO internal hard disks.

Unfortunately, the encryption is done incorrectly at the hardware level and no software update can fix it. If you use any of these products, you have to treat your data as if they are unencrypted and re-encrypt them at the software level.

Taking a step back, I have long expressed reservations about self-encrypting storage devices in my book. Make no mistake, this discovery is only the beginning. More disk storage manufacturers will be found to have implemented encryption incorrectly in the months to come.

If you need advice on this issue, please feel free to contact us.

If you use these self-encrypting disks, your data is NOT secure
Tagged on:                 

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Are you a VERY CAREFUL person?

You need to be informed about hackers' latest tricks so that you will know what to do to protect yourself.

Subscribe NOW to ensure that you are taken care of!

* indicates required