openPR Logo
Press release

Data security flaws in major self-encrypting SSDs allow attackers to bypass encryption and decrypt data

11-12-2018 07:44 PM CET | IT, New Media & Software

Press release from: iStorage Limited

iStorage diskAshur PRO²

iStorage diskAshur PRO²

(London, Nov 2018), Researchers at Radbound University in the Netherlands revealed that major flaws found in some self-encrypted Solid State Drives (SSDs) allow an attacker to bypass the password-based authentication process and access encrypted data stored on the drives.

The researchers found that the data encryption keys used to secure data stored on the drives are not derived from the owner’s password, and that an attacker with physical access to the drives can reprogram the drives via a debug port in order to accept any password. Once the drives have been reprogrammed, the SSDs will use the stored Data Encryption Keys to encrypt and decrypt all stored data.

With questions now arising into just how safe self-encrypted SSDs are, John Michael, CEO, iStorage Limited stated:

“This is an extremely worrying issue for anyone who has purchased such Self Encrypting SSDs believing that their data is encrypted and secure. According to researchers at Radbound University, the flaws range from very easy to slightly more complicated. ZDnet reported that they found that certain Self Encrypting SSDs come with support for a “master password”, which is written in the manual and can be used to gain access to the user’s encrypted password, effectively bypassing the user’s custom password. The other vulnerability relates to the user-chosen password not being linked to the Data Encryption Key, allowing an attacker to reprogram the drives’ debug port in order to accept any password and access all data contained therein.

Our customers need not be concerned about these flaws being present in iStorage products. iStorage products are not vulnerable to any such attacks reported by the researchers. The iStorage generated Data Encryption Key, in very simple terms, is derived from the PIN that is configured and entered by the user on the onboard keypad. In addition, they incorporate a lock-down feature which prevents any attacker from reprogramming our firmware. Furthermore, the iStorage Common Criteria EAL4+ ready microprocessor, employs a flash lock mechanism that ensures the product constantly remains in a mode where all write-access to program memory is denied.

Unlike other similar so-called password-based and PIN authenticated products, iStorage products such as the diskAshur², diskAshur PRO² and diskAshur DT² incorporate a secure microprocessor with no debug ports, essentially preventing attackers from modifying the firmware.

For example, a hacking company in China, Golon International, has listed on their website numerous microprocessors which they claim to have hacked. As an example, the Microchip PIC18F26K22, which is used within some so-called secure portable data storage devices is listed as being hacked. Whereas the same company attempted to hack the iStorage secure microprocessor and failed. We strongly recommend that customers ask manufacturers of secure portable data storage devices to disclose which microprocessor is incorporated within their products, and then visit the Golon website to see if such microprocessors are listed as being hacked. If they are, then we strongly recommend that customers steer clear of any products that incorporate such vulnerable microprocessors.

This latest vulnerability with Self Encrypting SSDs is an excellent example of why PIN authenticated portable data storage devices such as iStorage products, which incorporate secure microprocessors, should be chosen over simple password-based and other PIN authenticated drives that use non-secure microprocessors.”

Continues John:

“Aside from this, our customers should be reminded that iStorage drives have passed government security accreditations – where we have products which are certified to FIPS 140-2 Level 2/3, NCSC CPA, NLNCSA BSPA & NATO Restricted Level, all of which have successfully gone through the toughest testing standards and makes iStorage the world’s first and only company to have all such certifications.

Any customers who are concerned with whether their drive is secure or not should contact the manufacturer, however iStorage customers can rest assured that their data is secure if saved on iStorage encrypted data storage drives.

For more information or if you would like to request a free 30-day evaluation, please contact evaluation@istorage-uk.com. To find out how the iStorage range can help protect your organisation’s confidential data, whilst ensuring GDPR compliance, please visit www.istorage-uk.com or contact +44 (0) 20 8991 6260.

End.

About iStorage Limited:
iStorage is the trusted global leader of award winning PIN authenticated, hardware encrypted data storage devices. Delivering the most innovative products to securely store and protect data to military specified encryption levels; safeguarding valuable business information whilst ensuring compliance to regulations and directives.

Industry Awards won: 2013 UK IT Industry Awards Winner, 2015 UK IT Industry Awards Winner, Computing Security Excellence 2016 Awards SME Solution Award Winner, 2017 UK IT Industry Awards - Highly Commended, PC PRO Security Product of the Year 2017 for diskAshur PRO² and 2018 Security Today Magazine New Product of the Year – Winner in the Tools and Hardware Category.
iStorage is also featured on The Hiscox Sunday Times Tech Track 100 2016 List of Britain’s fastest growing tech companies, FT 1000 Europe’s Fastest Growing Companies 2017, London Stock Exchange Group’s 1000 companies to Inspire Britain 2018 and 2018 FT Future 100 UK list of the fast-growing businesses that are shaping the future of their sector and making positive impact on business and society.

iStorage Limited
iStorage House
13 Alperton Lane
Perivale
Middlesex
UB6 8DH
UK

T: +44 (0)20 8991 6260

For more information or to request images, please email Holli Cheung at holli.cheung@istorage-uk.com or telephone T: +44 (0)20 8991 6286

This release was published on openPR.

Permanent link to this press release:

Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.

You can edit or delete your press release Data security flaws in major self-encrypting SSDs allow attackers to bypass encryption and decrypt data here

News-ID: 1362768 • Views:

More Releases from iStorage Limited

Businesses at risk with two thirds of data backed up on unsecure storage devices
Despite 99% of respondents strongly agreeing that data security is a necessary practice, 66% of people are storing data on unencrypted storage devices – causing a vast majority of data, and therefore businesses, to become unintentionally vulnerable. London, UK – 31st March 2021. A recent survey conducted by iStorage Ltd, the award-winning and trusted global leader in PIN-authenticated, hardware-encrypted data storage and cloud encryption devices, found that 99% of
Introducing the diskAshur M2: iStorage’s Ultra-Portable PIN Authenticated, Hardware Encrypted SSD
Introducing the diskAshur M2: iStorage’s Ultra-Portable PIN Authenticated, Har …
iStorage, the award-winning and trusted global leader of hardware encrypted data storage and cloud encryption devices, is proud to announce the launch of the diskAshur M2. The diskAshur M2 is iStorage’s smallest, lightest, fastest and most rugged FIPS compliant encrypted portable SSD and includes connectivity for both USB type A and C ports. The new diskAshur M2 SSD encrypts data using FIPS PUB 197 validated, AES-XTS 256-bit hardware encryption
Introducing cloudAshur: Hardware Encryption Module - Winner of the Security Innovation of the Year Award at the 2019 UK IT Industry Awards
Introducing cloudAshur: Hardware Encryption Module - Winner of the Security Inno …
(London, Feb 2020), iStorage, the award winning and trusted global leader of hardware encrypted data storage and cloud encryption devices is delighted to announce that the cloudAshur hardware encryption module, winner of the UK IT Industry Award's Security Innovation of the Year award, is now shipping and available for purchase. Due to the uniqueness of the cloudAshur, iStorage are hosting weekly webinar sessions, which will take place every Wednesday at
iStorage Unveils the Game Changing cloudAshur – The Future of Cloud Data Security
iStorage Unveils the Game Changing cloudAshur – The Future of Cloud Data Secur …
iStorage, the award winning and trusted global leader of hardware encrypted data storage solutions has today unveiled the future of cloud security; cloudAshur (patent pending). The UK-engineered device is a revolutionary cloud data storage security solution which tackles the issue of cloud security head on. With cloud computing still in its infancy, security of data, systems and services is a concern for 9 out of 10 cybersecurity professionals, according to a

All 5 Releases


More Releases for PRO

Pico Buds Pro Reviews: Truth About Pico buds pro.
Pico buds pro has been trending in Argentina, US, Israel and other countries. Indeed the idea is great. With it, you will access the sound no matter where you are. Fits very comfortably with discreet design. It is an exceptional hearing aid at an amazing price. a lot of people have shown genuine interest in buying them, truly the idea is Unique. Generally, most hearing aids reviews have attracted positive
EasyTrim Pro Review 2022: Is EasyTrim Pro Worth It?
Hair clipping at home may often be a source of frustration. We have selected the most effective multi-purpose trimmer for you. Take a look at the EasyTrim Pro Review. Before making a purchase, have a look at some of the incredible features and prices. Before releasing any new product, we at Review Ecstasy do extensive market research. Let's get right into the subject of this particular hair trimmer right away. What is
Boltz Pro Review: Where to Buy Boltz Pro Charger
Visit Official Website Here >> https://bit.ly/3H2mhqu Boltz Pro Charger Recently launched, this adaptable phone charger is powerful and can charge all your devices simultaneously with its 4 charging ports. The QC 3.0 technology is four times faster, so you can go from 0% to 70% in just 35 minutes. Our hands are more connected to our smartphones than ever as the world changes. Our smartphones are always with us. Our smartphones allow
Revitaa Pro Reviews - revitaa pro weight loss consumer report
Visit Official Website Here >> https://bit.ly/3pjg3fN Worldwide obesity tripled from 1975 to 2016, as per WHO published report. In today’s era of rapid urbanization, and globalization, the mode of eating, working, transport, and physical activity changes drastically. Today, there is a difference between the calories consumed versus the calories spent. In the current working scenario, there is an increasing trend of physical inactivity. People of different age groups are gaining tremendous
Boltz Pro Review: Boltz Pro Charger, Is It Legit?
Boltz Pro Review: The need to use mobile devices is becoming increasingly prevalent. They make it easier to communicate, provide access to resources, and help people navigate, among other things. It is critical to ensure that a device is fully charged for such applications. A common issue with the average adaptive charge is that even after the device has been fully loaded, it will continue loading. In particular, it can be
TotalTrim Pro Review-Does TotalTrim Pro Work-Complete Info
TotalTrim Pro is a cordless hair clipper grooming kit that offers get entry to to professional grooming movies as well, teaching users a way to emerge as their very own barber with numerous tutorials. The clippers offer clip-on manual combs and anti-rust blades to give the precision that purchasers want to have for their precise appearance whether cutting, trimming or styling. With FREE Access to Professional Barber Master Classes, the