Although Windows ships with its own full volume encryption tool called BitLocker, SSDs that claimed to offer their own hardware-based encryption were trusted by the tool and left alone.
Now though, after a recent update to Windows 10, Microsoft will assume that connected SSDs don't actually encrypt anything.
In a Twitter post (opens in new tab), SwiftOnSecurity described why the software giant has decided to no longer trust SSD manufacturers, saying:
“Microsoft gives up on SSD manufacturers: Windows will no longer trust drives that say they can encrypt themselves, BitLocker will default to CPU-accelerated AES encryption instead. This is after an exposé on broad issues with firmware-powered encryption. “
- Windows 10 adds security feature to ensure encrypted SSDs aren’t compromised
- These are the best SSDs of 2019
- New Samsung SSDs for servers double in speed and can 'never die'
A report (opens in new tab) released in November of 2018 revealed that self-encrypting drives have a number of security flaws including the use of master passwords set by manufacturers. This means that those who purchased SSDs which were supposed to help keep their data secure might as well have purchased a drive that did not handle its own encryption instead.
Users who purchased self-encrypting drives were actually worse off than they thought as Microsoft set up BitLocker to leave these drives alone completely. This was done to help performance without compromising the security of these drives as they could use their own hardware to encrypt their contents instead of using a system's CPU. However, now it seems as though Microsoft will no longer trust SSD manufacturers to keep customers data safe on their own.
In its release notes for the KB4516071 update (opens in new tab) to Windows 10, the company explained the changes it had made to how BitLocker handles self-encrypting drives, saying:
"Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change."
While it would be nice if self-encrypting SSDs were as secure as they claim to be, at least now users can rest easy knowing that BitLocker will secure their drives.
- We've also highlighted the best encryption software of 2019