Although Windows comes with its own full-volume encryption tool called BitLocker, SSDs that claim to offer their own hardware encryption have been approved by the tool and left alone.
Now, after a recent Windows 10 update, Microsoft will assume that the connected SSDs are not encrypted.
In an article on Twitter, SwiftOnSecurity explained why the software giant decided to stop trusting SSD manufacturers:
"Microsoft gives up SSD manufacturers: Windows no longer trusts readers who claim to be able to encrypt themselves, BitLocker uses default AES encryption with processor acceleration. This follows a presentation on big issues related to firmware-based encryption . "
A report published in November 2018 revealed that the self-encrypting drives had a number of security vulnerabilities, including the use of manufacturer-defined master passwords. This means that those who bought SSDs that supposedly help protect their data could also have bought a drive that doesn't support its own encryption.
SSD encryption
Users who bought self-encrypting drives weren't as thoughtful as Microsoft had set it up for BitLocker to leave them completely alone. This was intended to improve performance without compromising the security of these disks because they could use their own hardware to encrypt their content instead of using a system's processor. However, it now appears that Microsoft will no longer rely on SSD manufacturers to protect their customers' data.
In its release notes for Windows 4516071 update KB10, the company explained the changes to the way BitLocker handles autocrypt-enabled drives, as follows:
"Change the default BitLocker setting when encrypting a self-encrypting hard drive, and the default encryption is to use software encryption for newly encrypted drives." For existing drives, the encryption type is not available. it's not going to change ".
It would be nice if the self-encrypting SSDs are as secure as they claim, but at least users can now rest easy knowing that BitLocker will secure their drives.