According to this recently published report by researchers from Radboud University in the Netherlands, hackers could easily bypass the encryption on Samsung SSDs without the user’s passwords. They simply reverse engineered the firmware and modified the password validation routine in RAM through JTAG.
Currently I can't see that this issue has been discussed in the forum yet, so I will do that, since Samsung has published only a small consumer notice, which IMHO does not satisfy me. Simply advising to use the newest firmware does not convince me, because since the security breach was published no new firmware addressing it has been available.
The report lists the Samsung SSD models 840 EVO (SATA), 850 EVO (SATA), T3 (USB) and T5 (USB) as affected but does not rule out that other models (like the PROs or the M.2 models) are affected too; neither does Samsung in its consumer notice.
Since Crucial models are affected the same way, the kind of vulnerability makes it look to me like this SED (self encrypted device) thing is broken by design, and something has to be done to get my confidence back.
In the meantime, Microsoft has disabled hardware encryption by default, as described in its security advisory on BitLocker.
I myself have a Samsung SSD 850 PRO and an M.2 960 EVO. The 850 PRO is in use on my desktop PC with hardware encryption together with a hardware TPM. The M.2 model does not support eDrive as a boot drive, but that's a different issue (with the mainboard BIOS).
I would like to get some concrete and reasonable answers for:
Until then, I have no confidence in self encrypted devices and am considering the use of software-based full disk encryption.
As I can see, the issue was posted by others too.
But no one cares, neither customers nor Samsung technicians.
Hence, I conclude that hardware encryption of Samsung (and other companies') SSDs should be considered a failed attempt at digital revolution and should be wiped out from any product sheet. Too bad, it could have been a nice feature.