Last November, Microsoft sent out a security advisory to users to warn of a vulnerability that targets hardware-based encryption on solid-state drives (SSDs). In response to this problem, Microsoft has now supported BitLocker software encryption instead of hardware encryption.
Dutch security researchers Bernard von Gastel and Carlo Meijer from Radboud University discovered the flaw and described it in a research paper.
Titles “Weaknesses in the encryption of solid state drives,” the paper shows how hackers could access the drive and transfer data without needing password authentication. While this is clearly a major problem, it is somewhat self-mitigated. That's because the attacker would need physical access to the drive to be able to exploit the vulnerability.
Microsoft says it was trusting SSD manufacturers that their hardware was self-encrypted and secure. However, many SSDs were vulnerable to attacks if content of the drives were exposed.
At the time, Microsoft suggested Windows 10 users to switch to software encryption for affected SSDs. The company is now updating this stance. With KB4516071, the company says it will switch to software encryption by default.
“Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.”
It is worth remembering software encryption is more intensive on processor performance. That said, users can still opt to use hardware encryption if the SSD is trusted. Admins who want hardware encryption will now need to select it manually.