New Malware Uses SSD Over-Provisioning to Bypass Security Measures

Posted in cybercrime/malcode, electronics

An almost perfect way to stealthily store malware.

Korean researchers have detected a vulnerability in SSDs that allows malware to plant itself directly in an SSD’s empty over-provisioning partition. As reported by BleepingComputer, this allows the malware to be nearly invincible to security countermeasures.

Over-provisioning is a feature included in all modern SSDs that improves the lifespan and performance of the SSD’s built-in NAND storage. Over-provisioning is essentially just empty storage space, but it gives the SSD a chance to ensure that data is evenly distributed between all the NAND cells by shuffling data to the over-provisioning pool when needed.

While this space is supposed to be inaccessible to the operating system, and thus to anti-virus tools, this new malware can infiltrate it and use it as a base of operations.
