
Korean researchers have identified a vulnerability in SSDs that allows malware to be placed directly in the over-provisioning section of the drive. Over-provisioning is a feature found in all modern SSDs that increases the lifespan and performance of the SSD’s onboard NAND storage.

This feature also lets the SSD distribute data evenly across all of the NAND cells by placing data in the over-provisioning pool when needed. This area is said to be inaccessible to the operating system and hence to anti-virus tools. New malware can infiltrate this area and use it as a base of operations.

Researchers at Korea University modeled two attacks that use this space. The first demonstrates a vulnerability that targets invalid data (data that has been deleted in the operating system but not physically erased) inside the SSD. An attacker could potentially change the size of the over-provisioning area to obtain more sensitive data and provide additional free space to the operating system. As a result, when a user deletes more data, the excess data remains physically intact in the SSD.

The second injects the firmware directly into the over-provisioning pool. In this example, two SSDs are connected as a single device and over-provisioning is set to 50%. When an attacker injects malware into the over-provisioning section of the SSD, the OP range of the first drive drops to 25% of the total size of the SSD, and the range of the second SSD increases to 75%.

Here, the OP range of the first SSD is set to 25%, while the malware is embedded in the partition of the second SSD. Ultimately, however, the OP space on both drives appears unaffected.

To counter the first attack, the researchers propose implementing an algorithm that physically deletes the data on the SSD without affecting real-world performance. Against the second, they propose a new monitoring system that tracks the OP size of SSDs in real time.
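The sketch below shows why such monitoring has to be per drive: in the two-SSD scenario above, the combined OP space looks unchanged while each drive's share has moved. It is an added example, not the researchers' monitoring system; the `Sample` fields, drive labels, tolerance and sample values are constructed, and it assumes the raw NAND capacity of each drive is known from vendor data.

```python
from dataclasses import dataclass

GIB = 2**30

@dataclass(frozen=True)
class Sample:
    drive: str       # hypothetical drive label
    raw_bytes: int   # physical NAND capacity (assumed known from vendor data)
    user_bytes: int  # capacity the drive exposes to the operating system

def op_fraction(s):
    """Over-provisioned share of the drive's total size."""
    return (s.raw_bytes - s.user_bytes) / s.raw_bytes

def aggregate_op(samples):
    """OP share across all drives combined (what a coarse check would see)."""
    raw = sum(s.raw_bytes for s in samples)
    user = sum(s.user_bytes for s in samples)
    return (raw - user) / raw

def check(baseline, current, tolerance=0.01):
    """Compare each drive with its own baseline; return (drive, reason) alerts."""
    known = {s.drive: s for s in baseline}
    alerts = []
    for s in current:
        b = known.get(s.drive)
        if b is None:
            alerts.append((s.drive, "no baseline recorded"))
        elif abs(op_fraction(s) - op_fraction(b)) > tolerance:
            alerts.append((s.drive,
                           f"OP changed {op_fraction(b):.0%} -> {op_fraction(s):.0%}"))
    return alerts

# Constructed samples: two drives at 50% OP, then the 25% / 75% split.
BASELINE = [Sample("ssd0", 1000 * GIB, 500 * GIB),
            Sample("ssd1", 1000 * GIB, 500 * GIB)]
AFTER = [Sample("ssd0", 1000 * GIB, 750 * GIB),   # OP shrunk to 25%
         Sample("ssd1", 1000 * GIB, 250 * GIB)]   # OP grown to 75%

if __name__ == "__main__":
    print("aggregate OP before/after:", aggregate_op(BASELINE), aggregate_op(AFTER))
    for drive, reason in check(BASELINE, AFTER):
        print("ALERT", drive, reason)
```

A monitor that only compares the combined figure would report no change here; the per-drive comparison flags both drives.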

Fortunately, the attacks were carried out by researchers, and no real attacks have taken place. However, similar scenarios could happen in real life, so SSD manufacturers need to fix these security vulnerabilities early.


Michael Lewis
