Microsoft BitLocker Security Will Not Rely on SSD Hardware Encryption Following Update

The change follows a report that SSD manufacturers were not implementing hardware encryption adequately.

Share on Facebook Tweet Share Reddit Comment
Microsoft BitLocker Security Will Not Rely on SSD Hardware Encryption Following Update
Highlights
  • Research has shown that some SSDs have flawed hardware encryption
  • BitLocker will no longer rely on SSDs to implement their own encryption
  • Existing BitLocker volumes are not affected and will not be changed

According to release notes Microsoft has published for the incremental KB4516071 update for Windows 10, the company will no longer use the hardware encryption capabilities built into some SSDs when the BitLocker security framework is enabled. Instead, Windows will apply its own software encryption. The change has been attributed by security experts to reports that major SSD manufacturers have not been taking adequate security measures with their implementations of encryption, resulting in potentially easy ways to bypass the security protections that users might take for granted. Microsoft is effectively taking control of the process, rather than trusting SSD manufacturers. The change will not affect existing BitLocker volumes.

As pointed out by the popular Twitter account SwiftOnSecurity, the change comes almost a year after a research report published by Radboud University in the Netherlands revealed that some implementations of hardware encryption on an SSD can be defeated by simply using a manufacturer's master password, or by intercepting the DEK (Disk Encryption Key) which itself is not cryptographically encoded. These processes can be used by an attacker to defeat an SSD's own security without needing to know the user's own encryption key.     

The research report identified several popular consumer SSD models sold by Crucial and Samsung. The findings applied to internal as well as external SSDs, and the researchers stated that many more drives might be affected. Both companies have since released security patches that are said to address this issue.

As reported by ZDNet at the time, the research report specifically noted that Windows BitLocker users were at risk because Microsoft by default allows SSDs to handle their own encryption. The company now seems to have changed its mind, and is taking control of the process, at least for newly created volumes. 

Modern PCs can take advantage of specific instructions on newer CPUs that are designed to accelerate software encryption without creating significant overhead in terms of CPU workload. SSDs can be encrypted and decrypted on the fly, for most kinds of applications, negating the advantages of native hardware encryption.

Users (or IT administrators) who wish to switch from hardware to software encryption will first have to decrypt their drives entirely and then re-encrypt them. As always, there will still be the ability to rely on hardware encryption, which users can take advantage of if they are certain that their SSDs are secure. 

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Microsoft, Windows, Windows 10, BitLocker
Jamshed Avari

Jamshed Avari has been working in tech journalism as a writer, editor and reviewer for over 13 years. He has reviewed hundreds of products ranging from smartphones and tablets to PC components and accessories, and has also written guides, feature articles, news and analyses. Going beyond simple ratings and specifications, he digs deep into how emerging products and services affect actual users, and what marks they leave on our cultural landscape. He's happiest when something new comes ...More

Mi Mix 4 Not in The Works, Mi Mix Alpha the Only Mi Mix Phone in Development: Xiaomi Executive
Twitter Lets Users Sideline Unwanted Direct Messages
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.