Sunday, May 22, 2022

Your SSD might be subjected to Over-provisioning malware

- Advertisement -

Researchers in Korea discovered a weakness in SSDs that allows the malware to infect an SSD’s empty over-provisioning partition directly. This makes the malware practically immune to security countermeasures, according to BleepingComputer.

Over-provisioning is a function found in all current SSDs that extends the SSD’s built-in NAND storage life and improves its performance. Overprovisioning results in a lot of vacant storage space. However, it allows the SSD to ensure that data is spread evenly across all NAND cells by shuffling data to the over-provisioning pool when needed.

While the operating system — and hence anti-virus solutions — are intended to be unable to reach this region, this new malware can infiltrate it and utilize it as a base of operations. Two attacks based on the over-provisioned space were designed by Korean academics at Korea University in Seoul. The first shows a vulnerability in the SSD that targets invalid data (data that has been erased in the OS but not physically cleaned).


To get access to more potentially sensitive data, the attacker can increase the size of the over-provisioned data pool to provide the operating system with more space. As a result, when a user tries to erase more data from the SSD, the excess data stays physically intact.

To tackle the first assault scenario, the researchers recommend designing a pseudo-erase method that physically deletes data on an SSD without harming real-world performance.

What is Malware Signal Hero refresh

To fight the second assault type, it is advised that a new monitoring system be implemented that can closely monitor the over-provisioned size of the SSDs in real-time. Furthermore, unauthorized access to SSD management tools that can change over-provisioned sizes should be protected by more robust security mechanisms.

- Advertisement -

Thankfully, these techniques were devised by researchers rather than being found as a result of a real-world attack. However, an attack like this might very well occur, thus SSD makers should begin correcting these security flaws as soon as possible before someone exploits them.

also read:

Intel surprises all by re-designing the stock cooler of its Alder Lake CPUs


- Advertisement -
Nivedita Bangari
Nivedita Bangari
I am a software engineer by profession and technology is my love, learning and playing with new technologies is my passion.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

More To Consider

Stay Connected

Boat Lifestyle [CPS] IN

Hot Topics


Latest Articles



Adblocker detected! Please consider reading this notice.

We've detected that you are using AdBlock Plus or some other adblocking software which is preventing the page from fully loading.

We don't have any banner, Flash, animation, obnoxious sound, or popup ad. We do not implement these annoying types of ads!

We need money to operate the site, and almost all of it comes from our online advertising.

Please add to your ad blocking whitelist or disable your adblocking software.