Researchers at the University of Korea have demonstrated a method of attacking SSDs that can hide malware from security systems and make it immune even to user actions. The attack targets disks with flex capacity and creates an invalid data area in which the malware resides. There it gains persistence and remains unchanged while active, and it takes highly specialized analysis before it ceases to function.
According to the study, the problem lies in how the feature, developed by Micron Technology, allocates available space to improve performance. Under normal circumstances, the system automatically adjusts the boundary between available and user-allocated space to absorb high workloads. The exploit takes advantage of a buffer called over-provisioning to install malware and maintain persistence.
This area, which can range from 7% to 25% of a disk's total space, is invisible to the operating system and other applications, meaning that security platforms would be unable to detect the malware. According to the researchers, it is also an area that may receive little attention from available technology: a forensic analysis showed that, on certain SSD models, it had gone more than six months without being cleaned by the system.
That is more than enough time to deploy malicious code and carry out different types of criminal exploitation, especially considering that, by manipulating the firmware, an attacker can expand this space according to their own needs. The lack of cleaning is tied to saving and optimizing system resources, but it could lead to exposure of sensitive information and to infrastructure attacks if, for example, the malware is deployed on servers.
SSD firmware breach may facilitate third-party data control
The proof of concept from the University of Korea, in the capital Seoul, was presented to experts and manufacturers alike, but for now there is no evidence of exploitation. The researchers point out that, beyond cybercriminal attacks, the vulnerability could also be used to hide sensitive information without monitoring software being able to detect the compromised sector.
As mitigation measures, experts recommend implementing mechanisms that clean these sectors from time to time, with algorithms that indicate the best moment to do so without interfering with performance. Another method involves monitoring data entering the SSD in real time, focusing on sectors optimized by the system, in order to detect criminal activity or repeated accesses to sectors that should be inactive. Micron, for its part, has yet to comment on the study.