Computer

They detect 2 vulnerabilities in the SSD: correcting them will reduce their life

This reserved space is hidden from the operating system, because it is the SSD controller itself that dictates everything described above, so the OS cannot manage anything. Only through the proprietary software of the brand this can be observed and modified in size, but little more.

What is the problem? Well, since the OS does not have access, the antivirus cannot see said physical space either, so introducing malware there is not only an achievement, but it is undetectable when it is executed.

Two vulnerabilities in SSD, how do they manage to do it?

info-disclosure

It has not been explained how to violate the security of the controller and the attached software, we assume that for security reasons, since the study has been carried out by Korean researchers from the University of Korea in Seoul, but they have shown how they can attack from the OP (Over Provisioning).

The first attack would be done with the invalid data and discarded from the OS, or simply deleted, because that data remains in the OP and then be permanently eliminated and thus not reduce the capacity or performance of the SSD. The problem would go so far that the malware could modify the space allocated for the OP and thus get more confidential data.

In case you did not know, an SSD does not erase the data physically speaking until the controller does not consider it necessary or the erasure is forced manually from a specific software, which not everyone knows how to do and in the first case the data remains a time on the SSD, which gives the malware time to act.

injecting-malware

The second method is related to two or more SSDs, which may or may not be in RAID, where, in order not to raise suspicions, the malware could modify the capacity of one of the two devices to increase the size and capture the greatest amount of data.

Normally the distribution between the SSDs and the OPs is 50-50, but malware can vary them for example to 25% in the first and 75% in the second. The operating system will not see any change, since supposedly the distribution would remain the same and fair, but it is not true.

The solution will not like

In order for this not to be carried out, the researchers suggest implementing an algorithm in the controller and firmware of the SSDs that pseudo-deletes the OP and permanently eliminates that data that is integrated there without affecting the performance of the device.

In addition to this, a monitoring system would be required that warns us about the modification of the OP in one or more SSDs in real time, where it is also requested that the manufacturers’ tools to vary the OPs are much safer or more restrictive towards the Username.

Format disk or SSD

Now it remains to be seen if the manufacturers are going to patch their SSD devices, both internal and external, since when this comes to light it is more than likely that we will see the first real attacks in not long time.

The counterpart, logically, is that performing pseudo deletions implies reducing the useful life of the SSD due to the wear and tear that this will imply, since it would be a logistical task scheduled every little time. The greater the number of erasures, there will be greater degradation of the cells when their states and voltages change, so it remains up to the air how they are going to balance something so complicated so that we hardly have a reduction in useful life.

Related Articles

Leave a Reply

Your email address will not be published.