Security flaw found in SSD technology
Researchers at Carnegie Mellon University have discovered an exploitable flaw in SSD design. The flaw makes SSDs which use multi-cell level (MLC) technology vulnerable to attacks, which cause reduced lifespan and data corruption. Single-level cell (SLC) drives are not affected by the flaw, but faster MLC SSDs are vulnerable due to the method they use to write data to their flash cells.
Unlike SLC drives, MLC SSDs write data into a buffer from a flash cell instead of writing from the flash controller. This process allows the written data to be intercepted and corrupted as it is being written, which causes file corruption and can reduce the lifespan of the drive. SSD manufacturers can fix the flaw by writing data from the flash controller, but this would increase latency.
Low latency is a major feature of MLC drives. The research did not state whether triple-level cell (TLC) drives were affected, but according to ExtremeTech, the technology could also be vulnerable due to its similar programming process. ExtremeTech also noted that the vulnerability affects 2D NAND manufactured below the 40nm process node, meaning 3D NAND devices using single-shot programming are unaffected – as they do not use two-stage programming.
However, once the manufacturing process for 3D NAND advances past 40nm, manufacturers are expected to return to two-stage programming.