SoylentNews is people

posted by mrpg on Thursday November 08 2018, @08:46AM
from the advise-an-advice dept.

Submitted via IRC for Bytram

BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection

Yesterday, Microsoft released ADV180028, Guidance for configuring BitLocker to enforce software encryption, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (PDF).

[...] The security researchers explain that they were able to modify the firmware of the drives in a required way, because they could use a debugging interface to bypass the password validation routine in SSD drives. It does require physical access to an (internal or external) SSD. But the researchers were able to decrypt hardware-encrypted data without a password. The researchers write that they will not release any details in the form of a proof of concept (PoC) for an exploit.

Microsoft's BitLocker feature encrypts all the data on a drive. When you run BitLocker on a Win10 system with a solid state drive that has built-in hardware encryption, BitLocker relies on the self-encrypting drive's own capabilities. If the drive doesn't have hardware self-encryption (or you're using Win7 or 8.1), BitLocker implements software encryption, which is less efficient, but still enforces password protection.

[...] The hardware-based self-encryption flaw seems to be present on most, if not all, self-encrypting drives.


  • (Score: 0) by Anonymous Coward on Thursday November 08 2018, @05:25PM (#759431)

    When TrueCrypt fell, they specifically mentioned BitLocker as an alternative. So what are the alternatives now?
    Speaking of which, have there ever been any cases of TrueCrypt being defeated? It was hypothetically insecure at the time of the announcement.

  • (Score: 1, Informative) by Anonymous Coward on Thursday November 08 2018, @06:03PM (#759453)

    "they" are idiots. use linux and luks, ffs

  • (Score: 2) by tangomargarine (667) on Thursday November 08 2018, @08:49PM (#759539)

    There are successors to the TrueCrypt codebase like VeraCrypt and CipherShed.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"