Firmware attack can drop persistent malware in hidden SSD area

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,114
Content source
https://www.bleepingcomputer.com/news/security/hiding-malware-inside-the-flex-capacity-space-on-modern-ssds/
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions.

The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by SSD makers these days for performance optimization on NAND flash-based storage systems.

Hardware-level attacks offer ultimate persistence and stealth. Sophisticated actors have worked hard to implement such concepts against HDDs in the past, hiding malicious code in unreachable disk sectors.

Flex capacity is a feature in SSDs from Micron Technology that enables storage devices to automatically adjust the sizes of raw and user-allocated space to achieve better performance by absorbing write workload volumes.
Click to expand...
The researchers note [PDF] that forensic activity on NAND flash memory can reveal data that has not been deleted in over six months.

In a second attack model, the OP area is used as a secret place that users cannot monitor or wipe, where a threat actor could hide malware.

Example of malware injection in the OP space

Example of malware injection in the OP space
Source: Arxiv.org
The paper describes this attack as follows:
It is assumed that two storage devices SSD1 and SSD2 are connected to a channel in order to simplify the description. Each storage device has 50% OP area. After the hacker stores the malware code in SSD2, they immediately reduce the OP area of SSD1 to 25% and expand the OP area of SSD2 to 75%.
At this time, the malware code is included in the hidden area of SSD2. A hacker who gains access to the SSD can activate the embedded malware code at any time by resizing the OP area. Since normal users maintain 100% user area on the channel, it will not be easy to detect such malicious behavior of hackers.
Click to expand...
The obvious advantage of such an attack is that it is stealthy. Detecting malicious code in OP areas is not only time-consuming but also requires highly-specialized forensic techniques.
Click to expand...
www.bleepingcomputer.com

Firmware attack can drop persistent malware in hidden SSD area

Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that's beyond the reach of the user and security solutions.
www.bleepingcomputer.com www.bleepingcomputer.com
 
Last edited:
  • +Reputation
  • Wow
  • Like
Reactions: Venustus, South Park, harlan4096 and 2 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Applause
    • Love
Hardware We may finally see SSD prices go back down later this year
Replies
0
Views
346
Technology News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Wow
Malware News 1.3 million Android-based TV boxes backdoored; researchers still don’t know how
Replies
0
Views
1,631
Security News
Gandalf_The_Grey
Gandalf_The_Grey
H
Advice Request Is 3-2-1 backup strategy still works best for a NAS array of large capacity HDDs?
Replies
6
Views
278
Hardware Discussions
SpiderWeb
SpiderWeb

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top