• Home

Recently Discovered SSD Vulnerabilities Could Cripple Global Markets with Data Corruption, Said Condusiv

If exploited by attackers
This is a Press Release edited by on 2017.06.08

AddThis Social Bookmark Button

Condusiv Technologies Corporation, in software-only storage performance solutions, announced that recently discovered MLC SSD vulnerabilities that corrupt data could cripple global markets if exploited by malicious attackers, leaving much of the world's data currently exposed except for its own customers.

"If security experts and data protection experts didn't have enough to worry about already, the latest discovery from Carnegie Mellon University has set off brand new alarms that could be far more crippling than the recent WannaCry virus or any ransomware attack. In this case, data is not infected or held hostage, but is lost entirely - not even the host SSD hardware can be salvaged after such an attack. This is not simply alarming to organizations that stand the most to lose like financial institutions, but we're talking about real lives here if patient care is compromised as we saw earlier this month at hospitals across the UK," said Brian Morin, SVP, sales and marketing, Condusiv.

In a report recently published by researchers from Carnegie Mellon University, Seagate, and the Swiss Federal Institute of Technology in Zurich, there are two types of malicious attacks that can corrupt data and shorten the lifespan of MLC SSDs - a write attack (program interference) and a read attack (read disturb). Both attacks inundate the SSD with a large number of operations over a short period of time, which can corrupt data, shorten lifespan, and render an SSD useless to store data in a reliable manner into the future. However, both attacks rely upon native read and write operations from the OS to the SSD, which is circumvented by Condusiv's SSDkeeper on Windows systems.

"The only reason this story was not sensationalized across headlines last week is because no one has died yet or lost a billion dollars. This is a new and very different kind of vulnerability. Protection from this kind of an attack is not something that can be addressed by traditional lines of defense like anti-virus software, firmware upgrades, or OS patches. Since it is cost prohibitive for organizations to 'rip-and-replace' multi-cell SSDs with single-cell SSDs, they are forced to rely on data sets that have been 'backed-up.' However, what good is restoring data to hardware that can no longer reliably store data? There is no known protection to keep MLC SSD data safe and no tech organization has responded to these challenges until today," said Morin.

He continued: "By acting as the 'gatekeeper' between the Windows OS and the underlying SSD device, Condusiv's SSDkeeper performs inline optimizations at the OS-level before data is physically written or read from the SSD. As a result, SSDkeeper's patented technology is the only known solution that can disrupt 'program interference' write operation attacks as well as 'read disturb' read operation attacks that would attempt to exploit SSD vulnerabilities and corrupt data. While most known for boosting performance of Windows PCs and servers while extending the longevity of SSDs, SSDKeeper goes a step further as the only line of defense against these malicious attacks. We don't have a solution for Linux users at this time which, unfortunately, leaves those organizations entirely exposed."

SSDkeeper patented write optimization engine (IntelliWrite) mitigates the first vulnerability, 'program interference,' by disrupting the write pattern that would otherwise generate errors and corrupt data. It eliminates excessively small writes and subsequent reads by ensuring large, clean contiguous writes from Windows so write operations to SSDs are performed in the most efficient manner possible on Windows servers and PCs. An attack could only be successful in the rare instance of limited free space or zero free space on a volume that results in writes occurring natively, circumventing the benefit of IntelliWrite.

SSDkeeper's second patented engine (IntelliMemory) disrupts the second vulnerability, 'read disturb,' by establishing a tier-0 caching strategy that leverages idle, available memory to serve hot reads. This renders the 'read disturb' attack useless since the storage target for hot reads becomes memory instead of the SSD device. A 'read disturb' attack could only be successful in the rare instance that a Windows system is memory constrained and has no idle, available memory to be leveraged for cache by SSDkeeper.

Morin added: "Organizations use SSDkeeper site-wide on their Windows PCs and servers to maintain peak performance and extend the longevity of their SSDs. Now they can trust SSDkeeper to protect against malicious attacks that would otherwise corrupt user data and bring great harm to their business and service to customers."