Security researchers at Radboud University in the Netherlands have discovered a flaw in several manufacturers’ solid-state drive firmware that can be exploited to read data from self-encrypting drives (SEDs). The researchers published their findings in a paper on November 5th. The authors identified several methods they were able to use to bypass hardware-based full disk encryption on drives from Crucial and Samsung. On November 6th, Microsoft issued a Security Advisory detailing the vulnerability as it relates to the use of BitLocker, the encryption scheme included with its Windows operating system.
When Microsoft’s BitLocker encryption is used, Windows will leverage the drive’s hardware-based encryption as opposed to its own software-based BitLocker Drive Encryption. This leaves the drive vulnerable to the exploit identified by the researchers at Radboud. Several articles have documented that BitLocker’s default behavior of relying on the SED pertains only to Windows 10; however, Microsoft’s Security Advisory specifies that several versions of Windows are affected.
Microsoft recommends changing the encryption method from hardware-based encryption to software-based BitLocker Drive Encryption. To change encryption schemes, the drive must be decrypted and then re-encrypted. Microsoft outlines the necessary steps using Group Policy in its Security Advisory. The advisory also provides the syntax for a command that can be used to determine the type of encryption currently in use on the computer.
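
One way to run that check across every volume on a machine, as an added example that is not taken from the advisory or the paper: it uses the built-in `Get-BitLockerVolume` cmdlet rather than whatever command the advisory gives, and the function name `Get-BitLockerEncryptionType` is hypothetical. It assumes an elevated PowerShell session and that hardware-encrypted volumes report an `EncryptionMethod` beginning with `Hardware`.

```powershell
#Requires -RunAsAdministrator
# Added example: report which BitLocker volumes rely on the drive's own
# (hardware) encryption instead of BitLocker's software encryption.

function Get-BitLockerEncryptionType {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Assumption: EncryptionMethod is 'None' for unencrypted volumes,
        # starts with 'Hardware' when BitLocker delegates to the SED, and is
        # an AES variant (e.g. XtsAes128) when BitLocker encrypts in software.
        $method = [string]$vol.EncryptionMethod
        $type = switch -Regex ($method) {
            '^None$'    { 'Unencrypted'; break }
            '^Hardware' { 'Hardware (SED)'; break }
            default     { 'Software (BitLocker)' }
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            EncryptionMethod = $method
            EncryptionType   = $type
            # Hardware-encrypted volumes are the ones that must be decrypted
            # and re-encrypted with software-based BitLocker.
            NeedsReEncrypt   = ($type -eq 'Hardware (SED)')
        }
    }
}

$report = Get-BitLockerEncryptionType
$report | Format-Table -AutoSize

# Summarise the volumes that still depend on the drive firmware.
$atRisk = @($report | Where-Object NeedsReEncrypt)
if ($atRisk.Count -gt 0) {
    Write-Warning ("{0} volume(s) use hardware encryption: {1}" -f `
        $atRisk.Count, ($atRisk.MountPoint -join ', '))
}
```

A volume flagged here stays hardware-encrypted until it has been decrypted and re-encrypted, so rerun the check after remediation to confirm the reported type has changed.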