 I have always encrypted full OS encryption whenever I load any operating system for any of my computers, my desktop, my laptop. You know, it's especially a concern with laptops because well, they're easy to wander off with and you have a lot of information on them, especially in the case of like a sysadmin like myself with SSH keys and passwords and all kinds of stuff that could be stored on a laptop. So you practice good security hygiene by keeping it fully encrypted. Now that means disk encryption and follow it up with full OS encryption. Now I run Linux and it's arbitrarily a check box to do full disk encryption on any modern OS install. Pretty easy to do and doesn't really have a performance head anymore. Well, people have asked me like, Hey, why don't you just use the built-in encryption with the disk? And it's like, well, it's not real well documented how it all works. It's all magic, right? Because they would implement it properly. We can trust these people and it's not a government backdoor type thing. It's more of a, did they do it right? And it turns out they didn't. That's the whole point of this conversation. Flaws and popular SSD drives bypass hard disk encryption. It's a mouthful, but there's a lot to this. So they only tested a few of these drives. And what they did was they discovered that they could use the JTAG on the drive to reaccess the firmware reverse engineer it and learn that they weren't storing the self-encrypting drive passwords properly or with a way that was not unbreakable. So these security researchers set out and they put together an entire paper, how they did it, how they reverse engineered it, the methods they used to decrypt the encrypted drives. And this is actually really interesting. So these are one of the problems with a lot of hardware vendors when they don't do things in the clear and it's designed by committees that decide things without giving full public disclosure. And they go, hey, don't worry, we did this properly. And no one really checks it. So although the flaws are only found in some of these SSD drives, the flaws go much deeper because we don't know because no one's validated lots of these old spinning drives. So it turns out lots of people thought things were encrypted. Now, granted, this is not an average. We're just going to take it out and bypass it by jumping something. It is an advanced hack to do it. But still, these were supposed to be unbreakable other than the passwords. Now, for those of you that go, but I have BitLocker and Windows, I'm safe, right? Not exactly. See, BitLocker relies on that same tool to encrypt the drive because BitLocker's reliance on that, it assumes the underlying hardware is working properly. And because it's not, it is the same flaw. So BitLocker is just handling, handing it off to the drive. The drive is not properly storing the encryption and not properly encrypting the drive so it can be bypassed again. I'll leave you links to the bleeping computer article, the draft paper. If you want to read the details, there's a lot in here. They took their time doing this security research. It's a well thought out paper. They've contacted the vendors and kind of waiting on some updates from them. And but unfortunately, no one really ever updates the firmware drive. I mean, some of us do, but most people, these are going to wander around out there and granted, your average guy who grabs this laptop and steals it is not probably going to be able to go through the process. But the fact that they can on the system you thought was encrypted makes it definitely concerning about more information getting out there. These things being resold on the internet and people thought they were encrypted. And it turns out you can bypass them with some tools and a little hacking. But still, you can. And that's the point of this. So go ahead and encrypt everything. Use another layer of encryption like I do. I use the operating system Lux encryption. Whenever I'm setting up an OS that's Linux, I also make sure that I use thumb drives with Lux encryption so everything gets encrypted. My main drive, my data storage drive that I have in my system encrypt all the things. It lets you sleep a little better at night. It's not necessarily a tinfoil hat thing. But if anything ever happened, if somehow a machine wants to walk off or walk out of here, I don't have the worries that, oh, no, what's on that drive. I know it's gibberish to anyone who doesn't have my passwords. Still concerning if things walk off, but at least not panic attack. All right, thanks. And I'll leave these articles for you to do some further reading. Thanks for watching. If you like this video, go ahead and click the thumbs up. Leave us some feedback below to let us know any details, what you like and didn't like as well, because we love hearing the feedback. Or if you just want to say thanks, leave a comment. If you want to be notified of new videos as they come out, go ahead and subscribe and the bell icon that lets YouTube know that you're interested in notifications. Hopefully they send them as we've learned with YouTube. Anyways, if you want to contract us for consulting services, you go ahead and hit launch systems.com and you can reach out to us for all the projects that we can do and help you. We work with a lot of small businesses, IT companies, even some large companies and you can farm different work out to us or just hire us as a consultant to help design your network. Also, if you want to help the channel in other ways, we have a Patreon. We have affiliate links. You'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on LawrenceSystems.com. Once again, thanks for watching and I'll see you in the next video.