cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
useraE2tUIVNiR
Constellation

was the security flaw of Self Encrypted Drives removed or not discovered in EVO 860 and newer SSDs?

Hi,

Could not find any statements that security flaw discovered in earlier versions of Samsung SSDs was corrected in newer versions (EVO 860, 960, 970 or MZVLB etc.).

Did anyone met information confirming that this flaw was considered in newer models?

or that other models were tested by Samsung and they are not affected by such weakness and cann't be hacked by reverse engineering?

Or it's still better to consider software encryption?

Thanks.

 

https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researcher...

Radboud University researchers discover security flaws in widely used data storage devices

Affected Products
The models for which vulnerabilities have actually been demonstrated in practice are:
Crucial (Micron) MX100, MX200 and MX300 internal hard disks;
Samsung T3 and T5 USB external disks;
Samsung 840 EVO and 850 EVO internal hard disks.

 

https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf

Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)

 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028

ADV180028 | Guidance for configuring BitLocker to enforce software encryption
Security Advisory
Published: 11/06/2018 On this page
Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs). Customers concerned about this issue should consider using the software only encryption provided by BitLocker Drive Encryption™. On Windows computers with self-encrypting drives, BitLocker Drive Encryption™ manages encryption and will use hardware encryption by default. Administrators who want to force software encryption on computers with self-encrypting drives can accomplish this by deploying a Group Policy to override the default behavior. Windows will consult Group Policy to enforce software encryption only at the time of enabling BitLocker.

1 REPLY 1
userlZ6TVZ4bxo
Constellation

Re: was the security flaw of Self Encrypted Drives removed or not discovered in EVO 860 and newer SS

As of today the Samsung consumer notice is still saying there is no fix for internal drives. See

 

https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/?CID=afl-ecomm-cjn-cha-09...

 

I would assume then that there is no simple firmware update to fix this issue?

Reply
Loading...