SSD Drives Vulnerable to Attacks That Corrupt User Data

by Hilbert Hagedoorn on: 05/23/2017 07:37 AM | source: | 3 comment(s)

New research describes two vulnerabilities that could affect SSD drives utilizing MLC technology: "program interference" and "read disturb." In the first, an attacker can corrupt data or reduce the lifespan of a drive by writing data with a certain pattern: specifically, the data pattern makes an MLC's programming logic cause 4.9 more errors than usual.

For the second type of attack, exploit code can force an SSD to perform a large number of writes in a short period of time, which also results in data corruption and degradation of the drive's storage abilities. I'm going to assume these attacks are more complicated than described, since SSDs can stand up pretty well even when atypical amounts of data are being written, reports bleeping computer.

The first of these attacks, which they named a "program interference," takes place when an attacker manages to write data with a certain pattern to a target's SSD.

The exploit's data pattern causes the MLC's programming logic to cause 4.9 more errors than usual, which comes with the side-effect of triggering interference in neighboring NAND flash memory cells.

The side-effects are that an attacker can corrupt local data, or even shorten an SSD's lifetime, if he can cause repeated interference. This is because an SSD's lifetime is defined by the number of finite read-write operations it can perform on its flash memory chips before they lose their ability to remain charged between reboots.

This type of interference attack is similar to the Rowhammer attack on classic RAM memory chips, where an attacker bombards a row of RAM memory cells in repeated read-write operations, causing electrical interference that flips the bits of nearby cells.

The second vulnerability researchers discovered in the programming logic of NAND flash memory chips is what they called a "read disturb."

In this attack scenario, an attacker's exploit code causes the SSD to perform a large number of read operations in a very short time, which causes a phenomenon of "read disturb errors."

Researchers say these read disturb errors will "corrupt both pages already written to partially-programmed wordlines and pages that have yet to be written," ruining the SSD's ability to store data in a reliable manner in the future.

More details about this research are available in the paper entitled Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques, authored by six researchers from Carnegie Mellon University, Seagate, and the Swiss Federal Institute of Technology in Zurich.

Their work was showcased at the proceedings of the 23rd International Symposium on High-Performance Computer Architecture (HPCA) Industrial Session, held in Austin, Texas, this past February.

Related Stories

Sony Asia releases SLW-M series 2.5in SSD drive - 02/04/2016 09:04 AM
Interesting, it now seems that even Sony (though the Asia division) is entering the NAND flash storage business for consumers as they release the SLW-M series 2.5" SSD drive....

SSD drive shipments have tripled last year - 08/09/2013 06:53 AM
Solid state disk (SSD) drives have more than tripled in sales over the past year, a market tracker report from analytics firm IHS has revealed, thanks to their growing adoption within ultrathin PCs, u...

OCZ Talos SSD Drive with VCA 2.0 Support - 07/27/2011 09:30 AM
OCZ Technology released a refresh of the Talos Serial Attached SCSI (SAS) 6Gb/s SSDs with OCZ's proprietary Virtualized Controller Architecture (VCA) 2.0. Designed for enterprise applications with mix...

Corsair launches P128 and P64 SSD drives - 06/26/2009 08:25 AM
Corsair today announced two new products in its Performance Series SSD family: the P128 and P64 high-performance solid-state drives. Building on the success of the award-winning P256 SSD, the Corsair ...

OCZ announces SLC based Vertex SSD drives - 04/21/2009 07:38 AM
Aah, this is kickass, very expensive .. but very kickass ! OCZ unveiled their OCZ Vertex EX 2.5

Raplapla
Member

Posts: 29
Joined: 2016-12-16

#5434889 Posted on: 05/23/2017 12:50 PM

"4.9 more errors than usual" does not mean anything…

fry178
Senior Member

Posts: 1660
Joined: 2012-04-30

#5435107 Posted on: 05/23/2017 08:47 PM

claydough
Member

Posts: 67
Joined: 2015-01-10

#5436372 Posted on: 05/26/2017 09:10 PM

dont understand why everyone still talks about write cycles,when almost all info (data center etc) shows that ssd drives are mainly dying of "age" (not amount of written data).
+25% of chips start failing after 2-3y.

@Raplapla
as i read it, its 4.9x times more, and THAT is significant.

How intensive would typical Data Center usage be then compared to an enthusiast's?
Hate to quote experiential evidence because personal experience means squat statistically...
But should I feel lucky to still have my original Crucial c300 256 chugging away with an OS on it? Or would an 8 year old SSD be normally viable compared to the sad long legacy of bricked mechanical hard drives I suffered for nearly 30 years?
( which I gotta believe is a higher fail rate... at least in the 90's scsi/ide than early SSD adoption suffers percentage wise for "enthusiast use". Which is probably harsher than typical consumer non usage use? )

Post New Comment

Click here to post a comment for this news story on the message forum.