• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

November 7, 2018 by Haitao Huang 1 Comment

Researchers at Radboud University in the Netherlands have revealed today vulnerabilities in some solid-state drives (SSDs) that allow an attacker to bypass the disk encryption feature and access the local data without knowing the user-chosen disk encryption password.

The vulnerabilities only affect SSD models that support hardware-based encryption, where the disk encryption operations are carried out via a local built-in chip, separate from the main CPU.

But in a new academic paper published today, two Radboud researchers, Carlo Meijer and Bernard van Gastel, say they’ve identified vulnerabilities in the firmware of SEDs.

The only way users would be safe was if they either changed the master password or if they ‘d configure the SED’s Master Password Capability setting to “Maximum,” which effectively disables it.

 

https://thehackernews.com/2018/11/self-encrypting-ssd-hacking.html

 

Filed Under: Week 10: Web Application Hacking Tagged With:

Reader Interactions

Comments

  1. Ruby(Qianru) Yang says

    November 7, 2018 at 4:16 pm

    Hi Haitao, interesting article, I like the author gives out what should do for example, rather than relying on BitLocker, you can use the open-source VeraCrypt tool to encrypt your Windows system hard drive or any other drive. VeraCrypt is based on the TrueCrypt software and handles the encryption process by its own without relying on SSD.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in