Windows ships with its own volume encryption tool, BitLocker. Until now, the tool trusted SSDs that claimed to have their own hardware-based encryption and left them alone.
However, after a recent update to Windows 10, Microsoft assumes that connected SSDs do not actually encrypt anything.
In a Twitter post, SwiftOnSecurity described why the software giant decided not to trust SSD vendors anymore:
"Microsoft abandons SSD manufacturers: Windows no longer trusts drives that indicate that they can encrypt themselves. Instead, BitLocker uses CPU-accelerated AES encryption by default. This is after a synopsis of general issues of firmware-based encryption."
A November 2018 report found that self-encrypting drives have a number of security vulnerabilities, including the use of master passwords set by manufacturers. This means that those who bought SSDs to help protect their data might also have purchased a drive that does not have its own encryption.
In fact, users who bought self-encrypting drives were worse off than they thought, because Microsoft had set up BitLocker to leave these drives alone completely. The intent was to improve performance without compromising security, since the drives could encrypt their contents with their own hardware rather than the system's CPU. Now, however, it seems Microsoft no longer trusts SSD manufacturers to protect customer data themselves.
In the release notes for the KB4516071 update to Windows 10, the company explained the changes it had made to BitLocker's handling of self-encrypting drives.
"Changes the default setting for BitLocker when encrypting a self-encrypting hard disk. By default, software encryption is now used for re-encrypted drives, but with existing drives, the type of encryption does not change."
While it would be nice if self-encrypting SSDs were as secure as they claim, users can at least now count on BitLocker to protect their drives.