SSD Vulnerability

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
Post Reply
azblue
Member
Member
Posts: 147
Joined: Sat Feb 27, 2010 8:55 pm

SSD Vulnerability

Post by azblue »

I just encountered this: https://www.tomshardware.com/news/ssd-o ... cebook.com
Malware can hide in the over-provision area of a SSD.

The proposed fix from the article:
The researchers suggest implementing a pseudo-erase algorithm that physically deletes data on an SSD without affecting real-world performance to counter the first attack model.

It is recommended to implement a new monitoring system that can closely watch the over-provisioned size of the SSDs in real-time to counter the second attack model.
If you're writing code for SSDs, this is stuff you'll want to know about!
Top
Octocontrabass
Member
Member
Posts: 5563
Joined: Mon Mar 25, 2013 7:01 pm

Re: SSD Vulnerability

Post by Octocontrabass »

Is this any different from using HPA and/or DCO to hide data on the drive?

Though the author's suggested fix (monitoring the drive's reported capacity) is a good idea anyway, since it can be used to identify failing drives.
Top
Post Reply

Return to “OS Development”