Research has detected two security flaws in SSDs, which causes an attacker to significantly shorten the life of the SSD, to corrupt it in just a few hours.

Security holes and back doors, with a fairly clear example, such as the WannaCry ransomware, but there are more problematic vulnerabilities in the network than 'crappy' software that blocks data. SSDs have a finite cycle of reads and writes and when these are exhausted, it becomes a read-only unit (we do not lose data, we simply cannot put more data). This means that as we use the hard drive, its life shortens, but the problem is not that, but two vulnerabilities that take advantage of this failure to destroy the units.

An SSD is made up of NAND memories, similar to those that we could find in a pen drive or a smartphone, come on, it is everywhere and it is a growing type of storage that is displacing traditional HDDs. The first units were SLC or what is the same, each transistor was capable of storing one bit of information. In 2015 the MLCs arrived, which allow two bits per transistor to be stored, which doubles the capacity of these units.

It is precisely the MLC memory units that have a vulnerability that appeared after an investigation, which has managed to demonstrate that the logic programming in the MLC units has a vulnerability, with at least two types of attack that have been detected and detailed on the research. The first has been called 'Programming interference'. This attack is based on writing data through a very specific pattern on the target SSD, which would cause a data pattern that would be causing at least 4.9 times more errors than usual. This causes the logic programming of the MLC memories to cause certain interferences in the neighboring cell of the NAND memory.

This vulnerability allows the attacker to corrupt the data stored in the SSD drives and also shortens the useful life of the SSD drive, causing repetitions in these drives until they become only read drives. This attack would be quite similar to the well-known Rowhammer, which is used in RAM memories and which, by means of reading and writing cycles, causes interference in adjacent cells.

We move on to the second type of attack, which does not affect MLC SSDs, but is based on the logic programming of the NAND memory chips. What is sought with this is the generation of the greatest number of possible read cycles in the shortest possible time, which causes failures in the reading process. It has been referred to as 'network disturb errors', which corrupt the ability of SSDs to reliably store information in the future.

So, any attacker who can gain access to our computer and can access our SSD unit in an adjacent way, can carry out this attack that shortens the useful life of the units through either of these two processes. Normally SSDs, with average use, can last between ten and twenty years, approximately, without detecting the slightest problem, but with an abuse in the generation of read and write cycles, this would be significantly shortened.

Source: bleepingcomputer