Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

The only update I see there is MU05 from May 25th, 2018.

According to Crucial Storage Executive, MU05 is the latest update for my MX200.

Lee
Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Same here, MU05 from May 25th, 2018. That's why I asked.
JEDEC Jedi

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

And as it says in its changelog, it fixes security vulnerabilities.

Drive manufacturers were made aware of this issue in April so they could get fixes out before it was publicly known.

JEDEC Jedi

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs


@Crucial_AgentC wrote:

Micron has developed firmware patches to address vulnerabilities in the MX100, MX200 and MX300 products.  The MX100 and MX200 firmware updates are available today on crucial.com.  The MX300 firmware will be added on November 13, 2018.


Firmware update notes for MX100 and MX200 say:

Firmware revisions MU05 for the MX200 (all form factors) and MU03 for the MX100 (all form factors)

Release Date: 5/25/2018 (both updates)

  • Resolves security vulnerability

 

I think that's it, since Micron has been informed of this security problem in April 2018.

We shall try to confirm that, though.


Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

One of the authors of this paper https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf wrote on a Dutch forum that the only change made in MU05 firmware is the disabling of JTAG.

All the other flaws mentioned in their paper haven't been fixed.

Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

The biggest flaw in the MX100 and MX200 Opal TCG implementation is that it is possible to decrypt without a password. Crucial's MX100 and MX200 check if the password the user provides for decryption is the same as the one used for encryption. If both passwords are equal, the drive decrypts. It's possible to disable the mentioned password check in the firmware and decrypt without checking the password.

Sorry for any mistakes. English is not my native language.

Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

The right way to decrypt would be to use the supplied password to decrypt the DEK (Drive Encryption Key).

Then it would be impossible to decrypt without a password.

Lee
Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

@opalTCGuser
Can you explain what you mean exactly with:
"The right way to decrypt would be to use the supplied password to decrypt the DEK (Drive Encryption Key).
Then it would be impossible to decrypt without a password."


I know the latest update is from May 2018.
Why did @Crucial_AgentC say on 6 November:

Micron has developed firmware patches to address vulnerabilities in the MX100, MX200 and MX300 products. The MX100 and MX200 firmware updates are available today on crucial.com. The MX300 firmware will be added on November 13, 2018.

Was firmware MU5 on May 25 the latest update?

Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

@Lee: The actual data written to the drive's flash is always encrypted with the DEK (Drive Encryption Key). By default this is not apparent to the user as it's within the drive, and data going in/out over AHCI is unencrypted, so from an external perspective the drive is unencrypted. This is why you can do a secure erase so quickly on SSDs - by telling the drive to generate a new DEK and forget the old one, all the data in the flash becomes instantly unusable.

 

To simplify the explanation of user-level hardware encryption, it basically lets the user set a password to protect the DEK. Unless that password is provided to the drive, it refuses to use the DEK to access the data on its flash. The bypasses in the research paper were mostly ways to trick the drive into giving up the DEK without the user providing the correct password, largely by exploiting security flaws to program the drives with hacked firmware.

 

What @opalTCGuser was referring to is cryptographic binding. Ideally the password you set is used as (part of) another key to encrypt the DEK, so the DEK doesn't exist in a usable form 'at rest' within the drive. In this design you have to use the password as input to the DEK decryption process, before you can then use the decrypted DEK to access the encrypted flash, so it doesn't matter what you do to the firmware. Unfortunately it seems some drives just use the password as a barrier to the DEK, and the DEK itself is stored unencrypted. If you can hack the firmware to remove that password check or accept a blank password, you're in because there is no 'at rest' encryption of the DEK.
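The difference between a password used as a barrier and a password cryptographically bound to the DEK, as an added example that is not part of the thread, the paper or any drive firmware. The class names, the `check_enabled` flag (which models firmware whose comparison has been removed) and the PBKDF2 parameters are assumptions, and the XOR wrap is a toy stand-in for a real key-wrap algorithm.

```python
import hashlib, hmac, os

def derive(password, salt):
    """Password -> (wrapping key, MAC key). PBKDF2 parameters are illustrative."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class GatedDrive:
    """Password is only compared; the DEK sits in storage in usable form."""
    def __init__(self, password, dek):
        self.salt = os.urandom(16)
        self.verifier = derive(password, self.salt)[1]
        self.stored_dek = dek                      # at rest, unprotected

    def unlock(self, password, check_enabled=True):
        ok = hmac.compare_digest(derive(password, self.salt)[1], self.verifier)
        if check_enabled and not ok:
            return None
        return self.stored_dek                     # password never touched the key

class BoundDrive:
    """DEK is stored only wrapped under a key derived from the password."""
    def __init__(self, password, dek):
        self.salt = os.urandom(16)
        wrap_key, mac_key = derive(password, self.salt)
        # Assumption: XOR with a 32-byte derived key stands in for a real key wrap.
        self.wrapped_dek = xor(dek, wrap_key)
        self.tag = hmac.new(mac_key, self.wrapped_dek, "sha256").digest()

    def unlock(self, password, check_enabled=True):
        wrap_key, mac_key = derive(password, self.salt)
        tag = hmac.new(mac_key, self.wrapped_dek, "sha256").digest()
        if check_enabled and not hmac.compare_digest(tag, self.tag):
            return None
        return xor(self.wrapped_dek, wrap_key)     # wrong password -> wrong key

def compare_designs(password="correct horse", guess=""):
    """For each design, report whether a blank password recovers the real DEK."""
    dek = os.urandom(32)                           # constructed sample key
    gated, bound = GatedDrive(password, dek), BoundDrive(password, dek)
    return {
        "gated_normal": gated.unlock(guess) == dek,
        "gated_check_removed": gated.unlock(guess, check_enabled=False) == dek,
        "bound_normal": bound.unlock(guess) == dek,
        "bound_check_removed": bound.unlock(guess, check_enabled=False) == dek,
        "bound_right_password": bound.unlock(password) == dek,
    }
```

Only `gated_check_removed` and `bound_right_password` come back true: with binding, removing the check yields 32 bytes that are not the DEK.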

Lee
Kilobyte Kid

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

@hoodoo
Thanks for your great explanation!