• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Attacks Discovered that can Corrupt MLC-based SSD Data

R-T-B

R-T-B

Supporter
Joined
Aug 20, 2007
Messages
22,446 (3.44/day)
Location
Olympia, WA
System Specs
System Name Pioneer
Processor Ryzen 9 9950X
Motherboard MSI MAG X670E Tomahawk Wifi
Cooling Noctua NH-D15 + A whole lotta Sunon, Phanteks and Corsair Maglev blower fans...
Memory 64GB (2x 32GB) G.Skill Flare X5 @ DDR5-6200(Running 1T no GDM)
Video Card(s) PNY RTX 5080 OC
Storage Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs, 1x 2TB Seagate Exos 3.5"
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise (yes it's legit)
It appears that although MLC NAND-based SSDs have many advantages to HDD's from a physical-reliability point of view, the old spinning rust drives might still have one advantage over SSDs: A specially crafted write operation can't corrupt your data.

That's what a new report from Carnegie Mellon University, Seagate, and ETH Zürich is showing: That MLC-based SSD Drives are vulnerable to data-corrupting attacks as simple as a specially crafted write operation.




The first attack is compared to a "row hammer" attack, in which thrashing the drive with read or write operations along the border of a cell can corrupt legitimate data in nearby cells. Most attacks operate in variations of this principle, but some also rely on techniques such as special sequences of operations that will cause cached data and pages to be lost, effectively ruining your precious file the SSD was waiting to write to its media.

HDDs for their part, are not completely data safe even when they are operating correctly. They have a UBER (unrecoverable bit error rate) rating that indicates how often the HDD will make a (mostly random) mistake reading its data from the platter. This phenomenon (often referred to as "bit-rot") is not common in a correctly functioning HDD, but it does happen. The difference is it's not directly triggerable by a specially crafted write: Bit-rot errors are more or less random. Needless to say, the potential for malware to utilize this trigger-able corruption on your SSD is not a good thought at all.

If you want the technical details, they are available in the source link. For now, all you need to know is pretty much all SSDs are vulnerable to what was discovered here, but no exploits are live yet and due to there being no money in just wrecking your stuff (as opposed to say, ransoming it), there probably won't be a significant amount of malware featuring this exploit. Just practice good data hygiene as per usual and chances are all will be well. We don't mean to chase you back to HDD land just yet.

Oh, and one final caveat: SLC SSDs are immune, but good luck finding one that isn't outrageously expensive.

View at TechPowerUp Main Site
 
Last edited:
silentbogo said:
can?
Click to expand...

Uh, maybe. I was unaware of any HDD-based attacks when I wrote this short of sanitize commands, but @Solaris17 has an interesting article there that might beg to differ.

EDIT: Ah, I see what I did. I'm saying that's an advantage HDDs hold over SSDs, but honestly it could have been worded more clearly. The article Solaris linked while interesting, maintains that status quo.
 
Last edited:
Having read the details of this problem[ https://people.inf.ethz.ch/omutlu/pub/flash-memory-programming-vulnerabilities_hpca17.pdf ] I can't help but ask if this is something easy to pull off.

First, you need to create code that can directly access the SSD controller as most OS's disallow such access by default. Second, you need the code for interfacing with the SSD controller of target, not easy as there are literally 1000's of different controllers out there. Third, you would need to write your code for the host OS[generally]. Fourth, you need to engineer an injection method to the host system. Any code that matches these characteristics is going to be flagged by any competent AntiMalware/AntiVirus. This would be near impossible to pull off unless you had direct physical access to the system you want to affect.
 
R-T-B said:
Uh, maybe. I was unaware of any HDD-based attacks when I wrote this short of sanitize commands, but @Solaris17 has an interesting article there that might beg to differ.

EDIT: Ah, I see what I did. I'm saying that's an advantage HDDs hold over SSDs, but honestly it could have been worded more clearly. The article Solaris linked while interesting, maintains that status quo.
Click to expand...
Just move it to the same paragraph as the rest of the sentence - it will make more sense.
Seeing this line separately completely threw my brain off balance.
 
PowerPC said:
And all this doesn't apply to TLC-NAND drives?
Click to expand...

Hard to say. Some reports I've read say it does, some say it does not. Admittedly it's a bit too over my head to tell you either way.

lexluthermiester said:
Having read the details of this problem[ https://people.inf.ethz.ch/omutlu/pub/flash-memory-programming-vulnerabilities_hpca17.pdf ] I can't help but ask if this is something easy to pull off.

First, you need to create code that can directly access the SSD controller as most OS's disallow such access by default. Second, you need the code for interfacing with the SSD controller of target, not easy as there are literally 1000's of different controllers out there. Third, you would need to write your code for the host OS[generally]. Fourth, you need to engineer an injection method to the host system. Any code that matches these characteristics is going to be flagged by any competent AntiMalware/AntiVirus. This would be near impossible to pull off unless you had direct physical access to the system you want to affect.
Click to expand...

Thanks for the insight. Yes I read it but a lot of the low level logistics of it go over my head. Your insight here is appreciated. I'm way too used to thinking of storage as just a logical block device. :)
 
R-T-B said:
Thanks for the insight. Yes I read it but a lot of the low level logistics of it go over my head. Your insight here is appreciated. I'm way too used to thinking of storage as just a logical block device. :)
Click to expand...
Same here, which is what motivated the deeper read. Generally, it is difficult to target a device within a system. So while this vulnerability exists and CAN be attacked, it would take a serious effort. This is not likely to turn into a problem.. But it is good to be aware of.
 
This is nothing really ground breaking. Any kind of electronic can be compromised in such way, its just matter of determination and resources. Fortunately it would require physical access to the system in question and plenty of time to do the shenanigans without risk of getting caught.

If somebody is terrified then winning the lottery comes with same odds as this ^ one.
 
You must log in or register to reply here.
Back
Top