A speed benefit in solid-state disk design opens them up for attack

By Mark Coppock Published May 22, 2017

Solid-state disks (SSDs) offer some serious benefits over their older hard-disk drive (HDD) siblings. SSDs are faster by orders of magnitude than HDDs, and they’re fundamentally more reliable — particularly for mobile devices where moving parts can be affected by movement and drops.

As SSD pricing has dropped from being significantly more expensive than HDDs to only a little more expensive, the price-to-performance ratio has improved to where SSDs have become by far the preferred storage device. However, some new information suggests that SSDs aren’t perfect and bring a unique vulnerability to particular kinds of attacks, as ExtremeTech reports.

Recommended Videos

The details are complex and require digging into the details of how SSDs are designed and how they work. Researchers at Carnegie Mellon University were the first to uncover the flaw, and their findings are covered in copious technical detail in a recently published paper.

In simpler terms, the vulnerability affects particular kinds of SSDs that are based on multilevel cell (MLC) technology, which make up the majority of those currently being sold and developed. The vulnerability in question does not affect older single-level cell (SLC) devices. The most advanced 3D NAND flash used in some SSDs are not affected yet but could be affected in future designs.

The vulnerability leverages a design quality of MLC-based SSDs that actually confers some benefits, including lower latency and better performance. The problem stems from the fact that data is written into a buffer directly from the individual flash cell that’s going to be written and not from the SSD’s flash controller.

Again, it’s all very technical, but basically, data can be corrupted by an attacker introducing interference and introducing errors during the programming process. That can result in corrupted data and actual damage to an SSD.

The solution would be to buffer data into the SSD flash controller and allow the controller to correct errors. The problem with this response is that it would also increase latency by around 5 percent and thus reduce performance — something that manufacturers might not be quick to do in the consumer market in particular given the important of raw speed to selling SSDs.

In any event, there’s something else to worry about to go along with the waves of malware and ransomware attacks we’ve seen lately. Our SSDs aren’t as safe as we thought they were, and that’s all we needed.

Former Computing Writer

Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…

Topics

Tech News

Computing

It just got a lot easier to control a Windows 11 PC with your Android phone

Android smartphones now act as a multipurpose remote control for Windows 11 devices, offering instant locking, seamless file transfers, shared clipboard access, and easy screen mirroring.

microsoft-Phone-Link-app-windows-11

Microsoft has rolled out a significant upgrade to its Phone Link system and the "Link To Windows" app for Android, improving cross-platform connectivity with Windows 11. First and foremost, there's a new "Lock PC" toggle that lets you lock your Windows device remotely from your smartphone (provided the devices are connected).

According to a new report by Windows Latest, locking a Windows 11 PC from an Android phone takes a couple of seconds. Once unlocked, the PC reconnects to your phone. Besides that, the app also gets a "Recent Activity" feed that shows file transfers and clipboard history shared between the devices. There's a dashboard of the recent cross-device transactions.

Computing

AI chatbots like ChatGPT can copy human traits and experts say it’s a huge risk

AI that sounds human can manipulate users

phone-showing-ai-chatbots

AI agents are getting better at sounding human, but new research suggests they are doing more than just copying our words. According to a recent study, popular AI models like ChatGPT can consistently mimic human personality traits. Researchers say this ability comes with serious risks, especially as questions around AI reliability and accuracy grow.

Researchers from the University of Cambridge and Google DeepMind have developed what they call the first scientifically validated personality test framework for AI chatbots, using the same psychological tools designed to measure human personality (via TechXplore).

Computing

This advanced modular robot is ideal for Mars missions, its maker says

Swap out the parts to make different kinds of robots.

The Tron 2 robot.

LimX Dynamics is doing some fascinating work in the robotics arena. Four months after impressing us with its talented Oli humanoid robot, the three-year-old tech startup has just unveiled Tron 2, which, as its name cleverly suggests, is the follow-up to Tron 1.

Going by the video (top) released by LimX on Thursday, Tron 2 is an advanced, AI-powered modular humanoid robot featuring remarkable strength and movement.