Self-Encrypting Deception

Explore critical weaknesses in hardware full-disk encryption implementations of Self-Encrypting Drives (SEDs) from major manufacturers Samsung and Crucial. Dive into the reverse engineering of SED firmwares, uncovering vulnerabilities that allow complete data recovery without knowledge of any secret. Learn how BitLocker, Windows' built-in encryption software, can be compromised when relying on hardware encryption. Examine the challenges to the notion that hardware-based full-disk encryption is superior to software implementations. Understand the implications for data protection regulations and the limitations of purely software-based encryption. Discover the methodology used to analyze SEDs, including case studies and demonstrations of exploits. Gain insights into the standards, pitfalls, and future considerations for secure data storage in this eye-opening 59-minute conference talk from the 35th Chaos Communication Congress.

Intro
What is selfencrypting
Security guarantees
Standards
Pitfalls
Methodology
Case Studies
Demo
Flashing
VirtualBox
Questions