Self-encrypting drives are hardly any better than software-based encryption

Daniel Boteanu and Kevvie Fowler from KPMG Canada demonstrated three data recovery methods against laptops using SEDs at the Black Hat Europe security conference in Amsterdam Thursday.

Self-encrypting drives perform the data encryption and decryption operations on a dedicated crypto processor that is part of the drive controller. That gives them several, mainly performance-related, benefits compared to software-based encryption products which rely on the CPU.

The main security benefit is that the encryption key is not stored in the OS memory, but on the disk itself, which makes it less exposed to theft. However, some attacks that work against software-based encryption products also affect SEDs, including evil maid attacks and those that bypass Windows authentication, the researchers said.

Boteanu and Fowler focused their research on laptops with SEDs that are compatible with the Trusted Computing Group (TCG) Storage Security Subsystem Class standard, also known as Opal, and Microsoft's Encrypted Drive (eDrive) standard, which is based on Opal.

These drives are the most attractive for enterprise deployments because they can be easily managed. SEDs operating in eDrive mode for example are managed through BitLocker, Microsoft's full disk encryption technology for Windows.

The researchers tested combinations of Lenovo ThinkPad T440s, Lenovo ThinkPad W541, Dell Latitude E6410 and Dell Latitude E6430 laptops with Samsung 850 Pro and PM851 solid-state drives or Seagate ST500LT015 and ST500LT025 hard disk drives, operating in either Opal or eDrive modes.

The attacks they demonstrated show that the Opal and eDrive standards can't guarantee the security of data in situations where a laptop is in sleep mode and not turned off completely.

Once a SED is unlocked, it remains in that state until the power to it is cycled or a deauthentication command is sent. When the laptop is put in sleep mode the drive state is locked, but when it resumes from sleep, the pre-boot management software, which is already loaded in memory, unlocks the drive. This happens even if Windows itself remains locked and requires the user's password to log in.

The researchers devised three attacks to take advantage of this situation. The first is called a hot plug attack and involves removing the drive from the laptop while in sleep mode and connecting it back using SATA data and power extension cables.

The laptop is then awakened and the management software unlocks the drive. The attacker can then unplug the SATA data cable only from the laptop and connect it to a different computer or laptop to access the data on the drive.

The researchers tested this attack successfully against all 12 Opal and eDrive configurations.

In order to mitigate it users should always power off their laptops or put them in a hibernation state when they leave them unattended. IT administrators can also disable the sleep mode through policies.

In the future, laptop manufacturers could add mechanisms to detect if the drive gets unplugged while the computer is in sleep mode and trigger a hard reset, the researchers said. SED manufacturers could also detect if the SATA interface is disconnected and lock the drive automatically.

The second attack does not involve removing the drive from the laptop and instead forces the laptop to perform a soft reset by triggering a critical error (BSOD) in Windows. A soft reset does not cycle the power to the self-encrypting drive so it keeps it in an unlocked state.

If the laptop is in sleep mode, it can first be woken up to unlock the drive. The attacker can then connect a special circuit board called a Facedancer to the laptop via USB. This board can emulate various USB devices and can also be used to trigger a BSOD in Windows.

When the laptop reboots, as a result of the critical error, the attacker can use the special function key to access the boot menu and boot from an alternative source, like a USB thumb drive with a live Linux installation. He can then use Linux to access the data on the drive, which is still unlocked.

This attack worked on eight Opal configurations, but not on Lenovo laptops with SEDs operating in eDrive mode.

To mitigate this type of attack, IT administrators can disable Windows' option to automatically restart on BSOD and can also lock down BIOS/UEFI so that attackers can't boot from external media.

The third attack is called a hot unplug attack and is more difficult to pull off because it requires exposing the drive's SATA pins while still running, attaching another power source to it, removing the drive while maintaining the alternative power and connecting it to a different computer.

The researchers disclosed their findings to the Trusted Computing Group and the U.S. Computer Emergency Readiness Team (US-CERT). They've also been in contact with Lenovo which is looking into potential mitigations.

The takeaway is that SEDs are insecure by default when the laptops they're installed in are powered on or in sleep mode, but hardened deployments can mitigate the risks, the researchers said.

The bad news is that it's almost impossible to detect if these attacks have occurred after the fact, which means that some companies might want to reevaluate the potential impact of some of their laptop loss or theft incidents if they relied on this technology to protect data.