
Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines

Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely. These vulnerabilities, discovered by Radboud University researchers Carlo Meijer and Bernard van Gastel, affect multiple models including some made by the popular brands Crucial and Samsung.

A draft of the detailed report is available with more details on the attacks.

SSD study results via Radboud University

Managing the hardware encryption of these SSDs directly is not very common in enterprise environments, but it is worth verifying your encryption process to be certain. For example, BitLocker, part of Windows, will leverage hardware encryption by default when it is available, making your environment vulnerable even if you believe you are bypassing the SSD’s hardware encryption. Below, we’ll look at how you can identify which systems are running BitLocker, and whether they’ve been configured to default to the SSD’s hardware encryption. We’ll then review some possible steps to fix configurations to remove the vulnerability for good.

Identify Systems Using Hardware Encryption With BitLocker

Manually

The first way you can identify systems running BitLocker with hardware encryption is by running the following command in an elevated PowerShell terminal:

manage-bde -status

You will then get a report on the encryption status of the drives on that system. 

Windows PowerShell terminal with a report on encryption status

The interesting field is Encryption Method. If you had a system using hardware encryption, that field would report HARDWARE_ENCRYPTION. 
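To run this check over output collected from several machines, the Encryption Method field can be parsed instead of read by eye. The PowerShell below is an added example, not code from the original post; the function name Get-BdeVolumeStatus and the sample output are constructed, and English-language manage-bde output is assumed.

```powershell
# Added example: parse `manage-bde -status` text and flag hardware-encrypted volumes.
# Assumes English output; Get-BdeVolumeStatus is a hypothetical helper name.
function Get-BdeVolumeStatus {
    param([string[]]$StatusText)

    $volumes = @()
    $current = $null
    foreach ($line in $StatusText) {
        if ($line -match '^Volume\s+(\S+)') {
            # New volume section: flush the previous one.
            if ($current) { $volumes += [pscustomobject]$current }
            $current = [ordered]@{
                Volume = $Matches[1]; EncryptionMethod = $null
                ProtectionStatus = $null; HardwareEncrypted = $false
            }
        }
        elseif ($current -and $line -match '^\s+Encryption Method:\s+(.+?)\s*$') {
            $current.EncryptionMethod = $Matches[1]
            # Accept HARDWARE_ENCRYPTION as quoted above, plus a space-separated
            # spelling (assumption), case-insensitively.
            $current.HardwareEncrypted = $current.EncryptionMethod -match 'hardware[ _]encryption'
        }
        elseif ($current -and $line -match '^\s+Protection Status:\s+(.+?)\s*$') {
            $current.ProtectionStatus = $Matches[1]
        }
    }
    if ($current) { $volumes += [pscustomobject]$current }
    return $volumes
}

# Constructed sample output (not captured from a real system).
$sample = @'
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    HARDWARE_ENCRYPTION
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@ -split '\r?\n'

# Live use from an elevated prompt: Get-BdeVolumeStatus -StatusText (manage-bde -status)
Get-BdeVolumeStatus -StatusText $sample | Where-Object HardwareEncrypted
```

A volume with Protection Status on and HardwareEncrypted true is one where BitLocker has delegated encryption to the drive, which is the configuration the research affects.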

Via osquery

Using manage-bde is a (Read more...)

*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Guillaume Ross. Read the original post at: https://www.uptycs.com/blog/vulnerabilities-in-ssd-encryption-using-osquery-to-identify-affected-machines