Thursday, March 28, 2024

Samsung & Crucial Storage Device Vulnerability Allows Attackers to Break the Password & Access the Entire Device Data

A critical vulnerability in the hardware encryption of widely used storage devices from Samsung and Crucial allows an attacker with physical access to bypass the existing protection mechanism and read the data on the device.

Millions of individuals and organizations store sensitive data on storage devices manufactured by Samsung and Crucial: solid-state drives made directly by Samsung Electronics Co. Ltd., and Crucial-brand drives made by Micron Technology Inc.

Recent research by Radboud University reveals that these self-encrypting drives do not provide the level of security they claim: an attacker with direct physical access can bypass the device's security.

Attackers can defeat the drive's security mechanisms and access the stored data without knowing the device password.

Several types of solid-state drives manufactured by Samsung and Crucial are affected by these vulnerabilities.

The flaws affect both internal storage devices (in laptops, tablets and desktop computers) and external storage devices (connected via a USB cable).

The researchers found critical weaknesses in the drives' hardware encryption mechanism that allow an attacker to access password-protected storage devices.

The issues were found on Crucial SSD models MX100, MX200 and MX300 as well as Samsung’s T3 and T5 portable SSDs and the 840 EVO and 850 EVO SSDs.

Hardware Encryption Failed

The researchers analyzed storage devices that rely on hardware encryption by reverse engineering the firmware of several models, and found a pattern of critical issues across vendors.

The analysis shows that on multiple models the encryption can be bypassed entirely without knowing the password or the key.

To recover data from a vulnerable drive, the researchers enabled an arbitrary write capability in order to change the MASTER PASSWORD CAPABILITY value held in RAM.

The arbitrary write capability is obtained by installing a modified firmware that includes arbitrary read/write primitives; the procedure is described in Section VI-C of the research paper.

Once the modified firmware is installed, the attacker uses the arbitrary write capability to place executable code in the device's address space.

According to the Radboud University researchers, the code is crafted such that it invokes the VerifyPasswd function with a zero buffer as the password, using credential slot 11 and with bExtractRdsKey set to true. It overwrites an existing non-critical ATA command handler function, for example the SMART command handler. Issuing the corresponding ATA command then executes the code. At this point the RDS key (the firmware's name for this key) is extracted and copied to the global RDS key buffer, and all protected range keys can be decrypted.

Finally, the researchers modify the VerifyPasswd function such that it always returns SUCCESS. At this point, any password can be used to 'authenticate' successfully.

The attacker can then authenticate to the drive as normal: the password validation check no longer does anything, and the device unlocks with an empty string as the Master Password.
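The reason patching VerifyPasswd is enough is that, on the affected drives, the password check only gates the release of a data encryption key (DEK) that the drive already holds; the key itself does not depend on the password. The following example was added for this article and is not code from the Radboud paper or from any drive firmware. It models both designs in Python: a "gated" drive whose DEK is released by a boolean check, and a "bound" drive that stores only a DEK wrapped under a password-derived key. The names GatedDrive, BoundDrive, verify_passwd and derive_kek, the sample DEK and password, and the XOR wrap used in place of a real key-wrap algorithm are all illustrative assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the paper or any real firmware).
DEK = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
PASSWORD = b"correct horse battery"


def derive_kek(password: bytes, salt: bytes) -> bytes:
    """Password -> 256-bit key-encryption key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)


class GatedDrive:
    """Model of the weak design: the DEK sits in the controller in the clear and is
    handed out whenever a boolean password check (verify_passwd, modelled on the
    paper's VerifyPasswd) reports SUCCESS. The DEK does not depend on the password."""

    def __init__(self, dek: bytes, password: bytes) -> None:
        self.dek = dek
        self.pw_hash = hashlib.sha256(password).digest()

    def verify_passwd(self, password: bytes) -> bool:
        return hmac.compare_digest(hashlib.sha256(password).digest(), self.pw_hash)

    def unlock(self, password: bytes):
        return self.dek if self.verify_passwd(password) else None


class BoundDrive:
    """Model of the sound design: only the wrapped DEK is stored. The wrap key is
    derived from the password, so without the password there is no usable DEK."""

    def __init__(self, dek: bytes, password: bytes) -> None:
        self.salt = os.urandom(16)
        kek = derive_kek(password, self.salt)
        # DEK xor KEK as a stand-in for a real key-wrap (assumption for brevity).
        self.wrapped = bytes(a ^ b for a, b in zip(dek, kek))
        # MAC over the wrapped key lets the drive detect a wrong password.
        self.tag = hmac.new(kek, self.wrapped, "sha256").digest()

    def verify_passwd(self, kek: bytes) -> bool:
        return hmac.compare_digest(hmac.new(kek, self.wrapped, "sha256").digest(), self.tag)

    def unlock(self, password: bytes):
        kek = derive_kek(password, self.salt)
        if not self.verify_passwd(kek):
            return None
        # Even if the check above is patched out, a wrong KEK yields garbage here.
        return bytes(a ^ b for a, b in zip(self.wrapped, kek))


def patch_verify_passwd(drive) -> None:
    """Model of the firmware patch: make the password check always return SUCCESS."""
    drive.verify_passwd = lambda *_args: True


def run_scenario():
    """Unlock both drives with an empty password before and after the patch.
    Returns ((gated_before, bound_before), (gated_after, bound_after))."""
    gated, bound = GatedDrive(DEK, PASSWORD), BoundDrive(DEK, PASSWORD)
    before = (gated.unlock(b""), bound.unlock(b""))
    patch_verify_passwd(gated)
    patch_verify_passwd(bound)
    after = (gated.unlock(b""), bound.unlock(b""))
    return before, after


if __name__ == "__main__":
    before, after = run_scenario()
    print("before patch, empty password:", before)
    print("after patch, gated drive hands out the real DEK:", after[0] == DEK)
    print("after patch, bound drive hands out the real DEK:", after[1] == DEK)
```

With the check patched, the gated drive releases the real DEK for an empty password, which is the situation the researchers describe; the bound drive still returns nothing useful, because the attacker has only bypassed a comparison and not recovered the password-derived key.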

This flaw matters most for operating systems that defer to hardware encryption whenever the storage device supports it.

Modern operating systems generally offer software encryption for the whole drive, and the flaw has little impact if the operating system does not switch to hardware encryption. BitLocker, the encryption software built into Microsoft Windows, does perform this switch on drives that advertise hardware encryption; to avoid this flaw, hardware-based encryption should be disabled in BitLocker's Group Policy settings and the drive re-encrypted with software encryption, after which BitLocker's status output should report a software encryption method such as XTS-AES rather than "Hardware Encryption".

“Both manufacturers were informed of this security problem in April 2018 by the National Cyber Security Centre (NCSC) of the Netherlands. The university provided details to both manufacturers to enable them to fix their product. The manufacturers will themselves provide detailed information to their customers about the affected models” Researchers said.

Author: Balaji, Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
