Security seekers don’t take a vacation, New Year or not. A flaw has been discovered in Micron’s SSDs, which are widely used by many manufacturers. And this vulnerability is particularly devious.
Since 2016, SSDs produced by Micron incorporate a buffer zone that allows data to be temporarily stored in order to speed up the disk writing process. This technology, called Flex Capacity, therefore creates a dynamic space on the SSD, called Over Provisioning. The latter improves the performance of disks, to such an extent that it has been adopted (under other names) by competing manufacturers.
Alert in the buffer zone
Security researchers at the University of Korea in Seoul have pinpointed a flaw in the Over Provisioning buffer. By exploiting this vulnerability, hackers are able to inject data that is invisible to applications and the operating system.
Once he gains access to this space, the hacker has the means to store malicious code and recover data that may have been stored there for six months. The potential danger is therefore very serious, and it is all the more so since the researchers have focused on Flex Capacity, not on the other equivalent technologies used by Micron’s competitors.
Specialists from Seoul University suggest several ways to reduce the dangerousness of this vulnerability. They offer SSD manufacturers to develop a system to analyze the data present in the buffer zone. Or to delete the data present in Over Provisioning with an algorithm that would not affect the performance of the SSD.