The authors show that the built-in encryption in the previously considered safe disks of Crucial, Samsung, and SanDisk is relatively easy to circumvent. This allows secure data to be read without a password. Depending on the settings, this can even happen if the encryption software BitLocker, which is built into Windows, is used.

Their research started in 2016, and was partly made public last November (Crucial and Samsung disks), but during the conference details about SanDisk disks also became public. These companies had the information half a year earlier so that they could take measures and prepare software updates for the affected products. As a result, at the same time as the presentation, new software updates for the disks were published.

About the conference

Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The 2019 Symposium will mark the 40th annual meeting of this flagship conference.

The Symposium was held on May 20-22, 2019, and the Security and Privacy Workshops was held on May 23, 2019. Both events were in San Francisco, USA.

Download

Download the paper Self-encrypting deception: weaknesses in the encryption of solid state drives.