{"id":13782,"date":"2018-11-07T16:30:03","date_gmt":"2018-11-08T00:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/11\/07\/news-7549\/"},"modified":"2018-11-07T16:30:03","modified_gmt":"2018-11-08T00:30:03","slug":"news-7549","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/11\/07\/news-7549\/","title":{"rendered":"BitLocker on self-encrypted SSDs blown; Microsoft advises you switch to software protection"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security14-100734743-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 07 Nov 2018 16:08:00 -0800<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Yesterday, Microsoft released ADV180028, <\/span><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV180028\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">Guidance for configuring BitLocker to enforce software encryption<\/span><\/a><span style=\"font-weight: 400;\">, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (<\/span><a href=\"https:\/\/www.ru.nl\/publish\/pages\/909275\/draft-paper_1.pdf\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">PDF<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The paper (marked \u201cdraft\u201d) explains how an attacker can decrypt a hardware-encrypted SSD without knowing the password. Due to a flaw in the way self-encrypting drives are implemented in firmware, a miscreant can get at all of the data on the drive, no key required. 
G\u00fcnter Born reports on his <\/span><a href=\"https:\/\/borncity.com\/win\/2018\/11\/06\/ssd-vulnerability-breaks-bitlocker-encryption\/\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">Borncity blog<\/span><\/a><span style=\"font-weight: 400;\">:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The security researchers explain that they were able to modify the firmware of the drives in a required way, because they could use a debugging interface to bypass the password validation routine in SSD drives. It does require physical access to an (internal or external) SSD. But the researchers were able to decrypt hardware-encrypted data without a password. The researchers write that they will not release any details in the form of a proof of concept (PoC) for exploit.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Microsoft\u2019s BitLocker feature encrypts all the data on a drive. When you run BitLocker on a Win10 system with a solid state drive that has built-in hardware encryption, BitLocker relies on the self-encrypting drive\u2019s own capabilities. If the drive doesn\u2019t have hardware self-encryption (or you&#8217;re using Win7 or 8.1), BitLocker implements software encryption, which is less efficient, but still enforces password protection.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The hardware-based self-encryption flaw seems to be present on most, if not all, self-encrypting drives.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Microsoft\u2019s solution is to unencrypt any SSD that implements self-encryption, then re-encrypt it with software-based encryption. 
Performance takes a hit, but data will be protected by software, not hardware.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For details on the re-encryption technique, <\/span><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV180028\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">see ADV180028.<\/span><\/a><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3319736\/microsoft-windows\/bitlocker-on-self-encrypted-ssds-blown-microsoft-advises-you-switch-to-software-protection.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security14-100734743-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Woody Leonhard| Date: Wed, 07 Nov 2018 16:08:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p><span style=\"font-weight: 400;\">Yesterday, Microsoft released ADV180028, <\/span><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/ADV180028\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">Guidance for configuring BitLocker to enforce software encryption<\/span><\/a><span style=\"font-weight: 400;\">, in response to a clever crack published on Monday by Carlo Meijer and Bernard van Gastel at Radboud University in the Netherlands (<\/span><a href=\"https:\/\/www.ru.nl\/publish\/pages\/909275\/draft-paper_1.pdf\" rel=\"nofollow noopener\" target=\"_blank\"><span style=\"font-weight: 400;\">PDF<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3319736\/microsoft-windows\/bitlocker-on-self-encrypted-ssds-blown-microsoft-advises-you-switch-to-software-protection.html#jump\">To read this article in full, please click 
here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10516,714,10525],"class_list":["post-13782","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-microsoft","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13782"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13782\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}