NAND flash attack can corrupt SSD data

SSDs vulnerable to Rowhammer-style attacks that can corrupt data and shorten the life-span of flash storage

Researchers have uncovered a means of corrupting the data on SSDs in an attack reminiscent of the Rowhammer effect that targets RAM.

The attack overcomes reliability measures used to ensure the integrity of data when it is written to the SSD, they warn.

"When a flash cell is programmed, a high voltage is applied to the cell. Due to parasitic capacitance coupling between flash cells that are physically close to each other, flash cell programming can lead to cell-to-cell program interference, which introduces errors into neighbouring flash cells," write the researchers, in a paper published earlier this month.

In order to reduce the risk of this known shortcoming corrupting data, "flash manufacturers adopted a two-step programming method, which programs the multi-level [flash] cell in two separate steps.

"First, the flash memory partially programs the least significant bit (LSB) of the MLC to some intermediate threshold voltage. Second, it programs the most significant bit to bring the MLS up to its full voltage state."

However, claim the researchers, it is possible to corrupt the data on a partially programmed cell.

"We show that it is possible to exploit these vulnerabilities on SSDs to alter the partially-programmed data, causing (potentially malicious) data corruption," they write.

The researchers outline two types of attack: 'program interference' and 'read disturbance'.

Program interference involves writing data with a certain pattern to the victim's SSD. The data pattern causes an increase in write errors and, as a side effect, triggers interference in neighbouring cells. In addition to the potential for crafting attacks based on this technique, it could also shorten the life-span of NAND flash devices.

With the read disturb flaw an attacker forces an SSD to perform a large number of read operations very quickly, causing 'read disturb errors'. These can corrupt the data on the SSD.

The researchers have recommended three steps that NAND flash manufacturers can take to address these technical security shortcomings.

In response to the findings of their experiments, the researchers recommended a number of potential mitigations. "Our experimental evaluation shows that our new mechanisms are effective: they can either eliminate the vulnerabilities with modest/low latency overhead, or drastically reduce the vulnerabilities and reduce errors with negligible latency or storage overhead," they conclude.