Radboud University Nijmegen: Researchers Find Vulnerabilities in Self Encrypting SSDs

Researchers from Radboud University in the Netherlands found severe security vulnerabilities in several popular, self-encrypting SSDs from Samsung and Crucial. These SSDs can encrypt and decrypt data coming in and out on the fly, which is seen as a "hardware encyption" option in Bitlocker on Windows systems, but the researchers highlighted several ways to bypass this encryption without a user password. Vendor-specific commands, memory corruption, storage chip communication exploits, and (theoretically) fault injection attacks can all be used to run unsigned code, and gain control over the SSD's data. The full research paper can be read here, and the researchers recommend using software encryption over hardware encryption in general. Samsung and Crucial were notified in April, and Samsung already has a consumer notice on their site.