What just happened? Most people who buy SSDs and use the baked-in hardware encryption provided by manufacturers trust their data to be safe. However, it turns out the firmware on these devices is prone to relatively simple attacks that offer hackers an easy way to access your data, so Microsoft is changing the default Windows 10 behavior to use software-based AES encryption regardless of any encryption done internally by the SSD itself.

SSDs are getting faster and cheaper every year, but one feature is just as important to professionals: security and encryption. Judging by a security advisory issued by Microsoft last year, it looks like manufacturers are leaving a lot to be desired in that regard.

The company received many reports of vulnerabilities in the hardware encryption used by self-encrypting drives, so it made some changes with a recent Windows 10 update to enable software encryption by default on any newly connected SSDs. This was discovered by SwiftOnSecurity, who believes Microsoft no longer trusts SSD manufacturers after research has shown that the firmware can be easily exploited, making locked-down data accessible. Even more concerning is that manufacturers like Seagate expose the update process so much that a determined hacker can easily compromise a storage drive.

On a more positive note, enterprise-class SSDs do feature stronger encryption and have better quality firmware, so Microsoft is likely targeting consumer devices with the change. It's also worth noting that modern CPUs have special instructions that greatly reduce the performance hit that comes with using software encryption. The change will not apply to existing drives, but you can switch them over to software encryption by decrypting and then re-encrypting them if you so desire.
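To find the existing drives that still rely on the SSD's own encryption, the following added example (not from the article or from Microsoft) classifies volumes by their reported encryption method. It assumes the Windows encryption in question is BitLocker and that the BitLocker PowerShell module is present; `Get-EncryptionBacking` is a hypothetical helper name and the sample volumes are constructed.

```powershell
# Added example, not from the article. Assumes BitLocker and its
# PowerShell module (Get-BitLockerVolume) are available.

function Get-EncryptionBacking {
    # Hypothetical helper: classifies objects shaped like the output of
    # Get-BitLockerVolume by who actually performs the encryption.
    param([Parameter(ValueFromPipeline)] $Volume)
    process {
        $method = [string]$Volume.EncryptionMethod
        $backing = switch ($method) {
            'HardwareEncryption' { 'Hardware (SSD firmware)' }
            'None'               { 'Not encrypted' }
            default              { 'Software (AES on the CPU)' }
        }
        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            EncryptionMethod = $method
            Backing          = $backing
            # Only hardware-backed volumes depend on the drive firmware.
            NeedsReencrypt   = ($method -eq 'HardwareEncryption')
        }
    }
}

# Constructed sample objects so the classification can be read offline.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; EncryptionMethod = 'XtsAes128' }
    [pscustomobject]@{ MountPoint = 'D:'; EncryptionMethod = 'HardwareEncryption' }
    [pscustomobject]@{ MountPoint = 'E:'; EncryptionMethod = 'None' }
)
$sample | Get-EncryptionBacking | Format-Table -AutoSize

# On a live system, from an elevated prompt:
#   Get-BitLockerVolume | Get-EncryptionBacking | Where-Object NeedsReencrypt
```

Volumes flagged with `NeedsReencrypt` are the ones the change leaves untouched; they stay on hardware encryption until they are decrypted and encrypted again.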