Published in News

NAND has security bug

by on29 May 2017

SSDs vulnerable to Rowhammer type attacks

NAND flash memory chips running solid-state drives (SSDs), include what could be called "programming vulnerabilities" that can be exploited to alter stored data or shorten the SSD's lifespan.

According to Bleeping Computer, the programming logic powering of MLC NAND flash memory chips -the tech used for the latest generation of SSDs - is vulnerable to at least two types of attacks.

The first attack is called "program interference" and takes place when an attacker manages to write data with a certain pattern to a target's SSD.

Writing this data repeatedly and at high speeds causes errors in the SSD, which then corrupts data stored on nearby cells. This attack is similar to the infamous Rowhammer attack on RAM chips.

The second attack is called "read disturb" and in this scenario, an attacker's exploit code causes the SSD to perform a large number of read operations in a very short time, which causes a phenomenon of "read disturb errors" that alters the SSD's ability to read data from nearby cells, even long after the attack stops.

The research was first mentioned in a paper with the catchy title Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques, authored by six researchers from Carnegie Mellon University, Seagate, and the Swiss Federal Institute of Technology in Zurich.

Last modified on 29 May 2017
Rate this item
(0 votes)

Read more about: