SoylentNews is people

posted by mrpg on Thursday November 08 2018, @08:46AM
from the advise-an-advice dept.

Submitted via IRC for Bytram

BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection

Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).

[...] The security researchers explain that they were able to modify the firmware of the drives in a required way, because they could use a debugging interface to bypass the password validation routine in SSD drives. It does require physical access to an (internal or external) SSD. But the researchers were able to decrypt hardware-encrypted data without a password. The researchers write that they will not release any details in the form of a proof of concept (PoC) for an exploit.

Microsoft's BitLocker feature encrypts all the data on a drive. When you run BitLocker on a Win10 system with a solid state drive that has built-in hardware encryption, BitLocker relies on the self-encrypting drive's own capabilities. If the drive doesn't have hardware self-encryption (or you're using Win7 or 8.1), BitLocker implements software encryption, which is less efficient, but still enforces password protection.

[...] The hardware-based self-encryption flaw seems to be present on most, if not all, self-encrypting drives.


  • (Score: 4, Informative) by Unixnut on Thursday November 08 2018, @10:43AM (1 child)

    The fact Linux exists and is popular is proof that we are in an "openness era". That doesn't mean everything is open, just more open than before.

    I remember a time when you just accepted that the OS is a black box with no insight over what is going on inside (unless you paid a hell of a lot of money). I remember a time when your OS didn't even have dev tools at all, and you had to pay big money for a simple compiler to be able to code.

    The days of running a free OS, without needing very specific (usually a couple generations old) hardware, with a huge selection of programming languages, tools, and libraries, all for free, is quite something. If it wasn't for the OSS environment I never would have got into computers, because I just could not afford the devtools in order to learn.

    If you wanted any kind of interesting data, you had to pay for it. Government was not even online at the time, so if you wanted data from them, it involved a lot of physical work going there, applying for it, waiting for approval (with justifications for why you want the data), usually pay a "Processing fee", and if you were lucky, you would get digital data (usually you got a poorly photocopied stack of papers, themselves photocopied from somewhere else, and barely legible).

    Now you have public APIs all over the place, from financial information, to government statistics, to weather reports. Everyone is providing data out there, usually for free, in a form easily parsable and manageable by machines.

    I mean, even industrial automation (you know, robots, CNC machines), historically the bastion of proprietary secrets, software and logic, have started deploying open source operating systems, and providing documented APIs for free as part of the purchase (before, you had to buy the robot, then the PLC to control it, then license the software, and if you wanted the API, or to extend the software, you had to pay again).

    Now we got open source CAD software, open hardware (including 3D printers and CNC machines) and sites dedicated to sharing plans, designs and systems for free, and a whole movement of tinkerers and fabricators making stuff themselves.

    Is the world 100% free and open? No (and it never will be), but it is a hell of a lot better than what it was, and now as we seem to have started sliding in the other direction again, we can consider it an "era" as such.

  • (Score: 0) by Anonymous Coward on Thursday November 08 2018, @05:22PM

    Is the world 100% free and open?

    It's not even close. It's mostly proprietary.