Skip to main content

A speed benefit in solid-state disk design opens them up for attack

Solid-state disks (SSDs) offer some serious benefits over their older hard-disk drive (HDD) siblings. SSDs are faster by orders of magnitude than HDDs, and they’re fundamentally more reliable — particularly for mobile devices where moving parts can be affected by movement and drops.

As SSD pricing has dropped from being significantly more expensive than HDDs to only a little more expensive, the price-to-performance ratio has improved to where SSDs have become by far the preferred storage device. However, some new information suggests that SSDs aren’t perfect and bring a unique vulnerability to particular kinds of attacks, as ExtremeTech reports.

Recommended Videos

The details are complex and require digging into the details of how SSDs are designed and how they work. Researchers at Carnegie Mellon University were the first to uncover the flaw, and their findings are covered in copious technical detail in a recently published paper.

In simpler terms, the vulnerability affects particular kinds of SSDs that are based on multilevel cell (MLC) technology, which make up the majority of those currently being sold and developed. The vulnerability in question does not affect older single-level cell (SLC) devices. The most advanced 3D NAND flash used in some SSDs are not affected yet but could be affected in future designs.

The vulnerability leverages a design quality of MLC-based SSDs that actually confers some benefits, including lower latency and better performance. The problem stems from the fact that data is written into a buffer directly from the individual flash cell that’s going to be written and not from the SSD’s flash controller.

Again, it’s all very technical, but basically, data can be corrupted by an attacker introducing interference and introducing errors during the programming process. That can result in corrupted data and actual damage to an SSD.

The solution would be to buffer data into the SSD flash controller and allow the controller to correct errors. The problem with this response is that it would also increase latency by around 5 percent and thus reduce performance — something that manufacturers might not be quick to do in the consumer market in particular given the important of raw speed to selling SSDs.

In any event, there’s something else to worry about to go along with the waves of malware and ransomware attacks we’ve seen lately. Our SSDs aren’t as safe as we thought they were, and that’s all we needed.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Upgrade to this Alienware 4K QD-OLED gaming monitor while it’s $300 off
Cyberpunk 2077 being played on the Alienware 32 QD-OLED.

The powerful machine you purchased from gaming PC deals should be paired with a premium display, and the 32-inch Alienware 4K QD-OLED gaming monitor comes with our stamp of approval. It's also on sale from Dell right now, with a $300 discount slashing its price from $1,200 to only $900. That's a steal when you consider the capabilities of this screen, so you're going to have to hurry with your purchase as stocks may run out at any moment.

Why you should buy the 32-inch Alienware 4K QD-OLED gaming monitor

Read more
Living without antivirus? Grab Avast Premium while it’s 70% off
A couple on a couch using a tablet.

I've been using the free version of Avast antivirus software for well over a decade now. It's always among the first batch of downloads I grab when I get a new laptop. Our reviewers even gave Avast One for Mac a 9 out of 10 review. But this week, Avast has a compelling offer that will convince freeloaders like me to get the paid version of Avast.

Right now, Avast Premium has an incredible 70% discount. That drops the price of one device from $80 per year to $23.40, or just under $2 per month. If you want to cover 10 devices, the price is only slightly higher, at $30 per year, or $2.50 per month. If you've been using the free version of Avast for a while, or you haven't been using antivirus software at all, this is a deal you need to check out.

Read more
Why macOS Tahoe is a big deal for Intel Macs
Apple unveiling macOS Tahoe at WWDC 2025.

Apple’s WWDC event kicked off on Monday with the usual slew of fresh announcements and updates showcasing the company’s software plans for the year ahead.

And as with every WWDC keynote, the upcoming shift to new software also signaled diminishing support for older Apple devices.

Read more