Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

It should be noted the bad guys must have physical access to these SSDs. It is not a vulnerability they can exploit remotely, or via malware. They have to have physical possession of the drives. Note in that The Hacker News article where it says, (my bold underline added)

Or in this Bit-Tech article on the same vulnerability, note where it says, (again, my bold underline added)

That's a BIG IF!

I am not trying to minimize this issue. It is definitely worrisome as some users choose SSDs over hard drives just because of the integrated hardware based encryption. But again, to exploit this vulnerability, a bad guy would have to be inside your home or place of business. He would then have to steal your computer, or take the time to open it and take the SSD - all without getting caught. And then, take the time to decrypt the personal files on your drive, in the hopes there might be some valuable information they can sell or use against you.

That's a lot of work for someone probably looking for drug money - unless you (or your company) are being targeted specifically. If you are being specifically targeted by badguys, law enforcement (or foreign spies! ) you have bigger problems to deal with.

For most home consumers, the lessons learned are to (1) keep current backups of your data, and (2) run "Secure Erase" on your SSDs before you get rid of them - just as you should keep current backups and "wipe" your hard drives before getting rid of them.

 

Very true. And like I said, I am not trying to minimize the issue. But I contend the vast majority of those "lost" notebooks didn't end up with their data stolen. The lost notebook just found new homes and were used by the new owners who simply overwrote the data. And of course, hard to blame the SSD when the fault is really due to user carelessness and inaction.

And I think the majority of notebooks still come with hard drives.