BYPASSING SELF-ENCRYPTING DRIVES (SED) IN ENTERPRISE ENVIRONMENTS presented at BlackHatEU 2015

by Kevvie Fowler, Daniel Boteanu,

Summary : For years, Full-Disk Encryption (FDE) solutions have been advertised as the "silver bullet" solution to protect against the unauthorized disclosure of sensitive data at rest. Hardware-based FDE, known as Self-Encrypting Drives (SED), have reportedly zero overhead and enhanced security in contrast to software encryption alternatives and have already been adopted by organizations across the world.
Unknowingly, organizations using SED have been sitting on a critical exposure to their data that they thought was encrypted.
This session will explore SED solutions, a newly discovered vulnerability that allows you to circumvent their protection mechanisms and how organizations can protect themselves against this new threat.