Skip to main content

Are Some SSD Drives Susceptible To Hacking?

By November 14, 2018June 2nd, 2022Cybersecurity

A research team has found an exploit that allows hackers to decrypt and view encrypted files on a number of well-known SSD drives.

They include:

  • Samsung T5 Portable
  • Samsung T3 Portable
  • Samsung 850 EVO
  • Samsung 840 EVO
  • Crucial MX 300
  • Crucial MX 200
  • Crucial MX 100

According to the research team:

“We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.  In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations.  In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.”

The team disclosed their findings to both Crucial and Samsung to give both of the companies an opportunity to prepare firmware updates and get them out to their clients.

Crucial has responded swiftly, offering firmware updates to all three of the impacted drives.  Samsung’s response has been a bit more sluggish.  To date, they’ve released firmware updates for the T3 and T5 models. Apparently though, the company has no plans to update their EVO drives, having issued a statement encouraging EVO users to opt for software encryption instead.

Unfortunately, there’s another fly in the ointment.  Windows’ BitLocker software encryption will default to hard drive encryption if it finds it supported on a given drive. This means that BitLocker cannot be counted on as a viable software encryption solution.  The same flaws that allow hackers access to the drives mentioned above will also allow them to circumvent BitLocker.

The bottom line is simply this:  If you’re relying on your SSD drive to secure your data, it may not be offering you as much protection as you had hoped, especially if you’re currently using a Samsung EVO drive.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.