New SSD Vulnerabilities Call for Deeper Endpoint Visibility and Control
New SSD Vulnerabilities Call for Deeper Endpoint Visibility and Control

Solid-state drives (SSD) have long been great tools because they automatically encrypt data stored on them and when the device is disconnected from its host device, the data on the SSD becomes unreadable. Additionally, hardware-based encryption uses fewer systems resources than software-based encryption so they were a perfect solution for data storage, or so we thought.

Earlier this month, it was reported that researchers from Netherlands’ Radboud University published a paper outlining how hardware encryption systems that are built into solid-state drives (SSD) can be bypassed, allowing intruders’ access to data assumed to be protected by the device.

A vulnerability was discovered that allows a drive to be removed or external drives accessed via the debugger port and the master password can be overridden. This then grants access and allows for complete recovery of the data without knowledge of any drive or encryption password.

According to researchers, this flaw impacts the following SSD models: Crucial MX100, MX200, and MX300 in all available form factors; the Samsung 840 EVO and 850 EVO in SATA variants; and the Samsung T3 and T5 USB SSDs.

Steps to Secure Your SSDs

Obviously if you don’t know how many SSDs are connected to your devices, you’ll need to start there. The Absolute Platform can help identify devices that have SSDs, determine their encryption status, the user and their location as well as identify sensitive data that resides on these devices, and perhaps most importantly, remotely delete this data when needed.

 

 

 

Figure one: building custom reports using filters

Next, Microsoft issued an advisory notice with instructions for checking whether BitLocker is using hardware or software encryption. If it uses hardware encryption, they recommend switching to software encryption. Samsung also recommended an update for their firmware. Ensuring this update is made (and others like it) is something one feature of our platform can also help you with. The reporting tool within the Absolute Platform will tell you whether or not updates are made and when you can rest assured yet another vulnerability has been addressed. Absolute can also ensure BitLocker is healthy and compliant on devices via Application Persistence.

Learn more about how Absolute allows organizations to see and secure all devices, data, applications and users on our website.

ABOUT THE AUTHOR

Kim Ellery

Kim Ellery serves as a Senior Director of Product Marketing at Absolute. In this role, Kim drives the development and direction of Absolute’s go-to-market strategy, including facilitating product and market intelligence while engaging with Absolute staff, customers and partners. Prior to Absolute, Kim served in product management and marketing roles at Mobile Mentor within Asia-Pacific and Europe, where he developed and implemented effective mobile security solutions. Kim is also involved with a number of entrepreneurial ventures in the local tech community, and a mentor to aspiring product marketers at Product BC.



0 COMMENTS

Leave a Reply

Your email address will not be published.