Vulnerabilities in NAND Flash Memory Chips Uncovered

NAND binary code illustration

Researchers have uncovered two key vulnerabilities in certain memory flash chips. These flaws make SSDs susceptible to data corruption and gradual damage.

Solid State Disk (SSD) Drives have gradually replaced magnetic disk-based hard drives as the main storage medium in electronic devices over the past couple of years.

For this reason, it is especially worrying that these drives can have vulnerabilities.

Researchers from Seagate Technology, Carnegie Mellon University and Swiss Federal Institute of Technology have discovered some vulnerabilities in the technology behind SSDs.

They are present in NAND memory flash chips that constitute SSDs.

According to the six experts, these vulnerabilities make the drives susceptible to malicious actors that can corrupt data and cause gradual chip damage.

NAND memory flash chips employ a type of non-volatile (no loss of electrical charge) storage technology.

They have found a market in devices and systems where large files are uploaded and replaced frequently, including phones, USB drives and data centers.

The vulnerabilities from NAND memory flash chips stem from the programming logic powering multi-level cell (MLC) technology.

MLC technology employs a floating gate transistor to enable the chips to store two bits of information.

This is in the form of charge values representing binary numbers 00, 01, 10 and 11.

The chips are vulnerable to two types of vulnerabilities as a result of programming logic behind MLCs.

1. Program Interference

The first of the vulnerabilities uncovered by the experts involves a program that reads, writes and resets data within the NAND memory chip.

They called it program interference. The attacker can cause individual chip cells to overload and interfere with other cells inside the chip by performing this attack repeatedly.

As a result, the MLC’s programming logic causes 4.9 more errors than normal.

This can change the voltage in victim cells, a phenomenon referred to as Parasitic Capacitance Coupling, and consequently alters the value of data stored therein.

This kind of data corruption has been likened to “Row Hammer” attacks that mostly target Random Access Memory (RAM) chips.

Closeup of a memory Ram chip module

“Row Hammer” attacks mostly targeted Random Access Memory chips.

However, the two are very distinct types of vulnerabilities and the researchers treated them as so. Electromagnetic pulses (EMPs) also produce a similar effect.

The researchers stated that a malicious actor could be able to replicate this effect on a much smaller scale. The software can leverage the design and structure of NAND memory chips to circumvent safeguards and target specific chip cells.

Local data corruption is not the sole result of this kind of vulnerabilities attack.

If program interference is carried out repeatedly, the SSD’s lifespan can reduce significantly.

Although NAND chips can compensate for the affected cells, repeated attacks negatively impact the chips’ ability to store information reliably.

In this case, the chips have to be replaced, which is a costly and time-consuming process.

Unfortunately, this only applies to large computer and cloud storage arrays. The chips within consumer devices are often not replaceable. As such, the entire device has to be replaced in the event of a malicious attack that takes advantage of vulnerabilities.

The Solution

The “Read Disturb” attack involves a malicious program that performs a large number of reads within a very short time. This results in “Read Disturb errors,” which corrupt data in the chip as well as data that hasn’t yet been written to the chip.

This vulnerabilities-aimed technique corrupts unwritten cells/blocks that fall outside the management of chip structure programming.

These damaged cells cannot be repaired as a result. This means that once a vulnerabilities attack occurs, users cannot store data reliably from that point onwards.

This can be especially troublesome for parties such as video editing firms, which utilize SSDs in mass file storage clusters.

The Read Disturb technique does not affect the data written by other programs. Nonetheless, it destroys the chip in the long run.

The Solution

The researchers forwarded several solutions to mitigate these vulnerabilities. They suggested a type of Radiation (RAD) hardening.

RAD hardening is employed for chips inside satellites, spacecraft and nuclear reactors to mitigate value changes due to EMPs from radiation or solar flares. Implementing this technique in NAND chips can reduce the chances of vulnerabilities being exploited.

Another way of mitigating these vulnerabilities is to buffer the data that’s read and written to NAND drives. Buffers serve to absorb the read/write processes before transferring the data to each memory cell.

While this technique does have a number of drawbacks, it makes utilizing the above vulnerabilities extremely difficult for the malicious actor. At the moment, it is not yet clear what the actors would gain if they orchestrated such vulnerabilities attacks.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.