A new vulnerability affecting hardware-based encryption on solid state drives (SSDs) has prompted a security advisory from Microsoft. Dutch security researchers Bernard von Gastel and Carlo Meijer from Radboud University discovered the flaw and described it in a research paper.
Titles “Weaknesses in the encryption of solid state drives,” the paper shows how hackers could access the drive and transfer data without needing password authentication. While this is clearly a major problem, it is somewhat self-mitigated. That's because the attacker would need physical access to the drive to be able to exploit the vulnerability.
Still, the flaw does affect most solid state drives from leading manufacturers. Microsoft has responded to the paper with a security advisory that provides a step-by-step guide to switch to software-based encryption. With the process, admins can convert their encryption away from reliance on hardware.
Here is the process Microsoft recommends:
- Open an elevated command prompt, e.g. by opening the Start menu, typing cmd.exe, right-clicking on the result, and selecting the “run as administrator” option.
- Confirm the UAC prompt that is displayed.
- Type manage-bde.exe -status.
- Check for “Hardware Encryption” under Encryption Method.
Another options for switching to software encryption is as follows:
- Open the Start menu.
- Type gpedit.msc
- Go to Computer Configuration> Administrative Templates > Windows Components > Bitlocker Drive Encryption.
- For the system drive, open Operating System Drives and double-click on Configure use of hardware-based encryption for operating system drives.
- Fixed date drives, open Fixed Data Drives and double-click on Configure use of hardware-based encryption for Fixed Data Drives.
- For removable drives, open Removable Data Drives and double-click on Configure use of hardware-based encryption for Removable Data Drives,
- Set the required policies to Disabled. A value of disabled forces BitLocker to use software-encryption for all drives even those that support hardware encryption.
It is worth remembering this vulnerability is only a problem for solid state drives and not normal hard drives (HDDs).