Go to Top

“Cracked” Samsung SSD Controller Encryption

The pitfalls of automatic hardware encryption of fast Samsung SSD hard drives have been fatal for three senior staff members of a reputable audit firm. When the laptops of the managers were booted again after crashing, the three built-in Samsung SSDs of the 840 PRO Series were no longer recognised. Important customer data, unavailable elsewhere, were impossible to access. In view of this disaster, the only way out was to resort to professional data recovery.

Background

The Samsung SSD hard drives of the 840 EVO and PRO series use automatic encryption by default, without the user having any knowledge about it. Every time the drive is accessed, the controller queries the key installed on the hard disk to activate it. But if for some reason the controller stops working – whether due to a defect or to a failed firmware update – the hard drive will no longer respond.

It was impossible to restore the contents of the affected SSDs using normal data recovery methods due to the failure of the installed SSD controllers. However, our engineers were able to “outsmart” the encryption using a special trick:

The solution

The first thing attempted to gain access to the data on the hard drives was to try to get the failed controller back to work. By repairing the controllers’ firmware, it was possible to read the encrypted data and copy them to an external storage medium. The next step was to set up identical, brand-new Samsung SSD hard drives of the same series. The controllers of the new SSDs were then modified using special software to turn off the hard disk encryption. Subsequently, the original data from the laptops were copied to the new SSDs and the controllers were “armed” again with the internal special tool.

Result

The original data was “unpacked” on the new SSDs with the “new” controller keys and were now present in their original form. After decrypting them again using a password – because the data had been additionally password-protected by the customer – they could be recovered completely.

Overall, nearly one gigabyte of data of the company laptops concerned could be recovered. But this method will not always be successful. It largely depends on the manner in which the manufacturers use the controllers to encrypt their SSD hardware. In this particular case, it was obvious that all hard drives of a particular Samsung SSD PRO series showed the same fault. However, depending on the circumstances, other cases may be completely different.

Bonus tip

We advise that when buying an SSD hard drive, you should make sure that it comes with no automatic hardware encryption implemented. In any case, a strong software encryption based on so-called symmetric or asymmetric methods is preferable. But again: In case of failure of a software-encrypted SSD the responsibility is solely the user’s and not the manufacturer’s. Without an available and separately secured key, not even data recovery specialists will be able to help in such cases.

, , , , , , ,

One Response to "“Cracked” Samsung SSD Controller Encryption"

  • TimC
    23 January 2016 - 10:54 am

    Was ATA password set for the drive in BIOS? If so, would it be possible to recover data if the password was lost?

Leave a Reply