I am unconvinced. They have not demonstrated an attack on any real-world SSD; instead they have attacked their own FPGA-based design.
The attack assumes that you can control or predict the physical location of data on an SSD, which is unlikely on a system that is doing other I/O.
But worst of all, the "attack" assumes that if you can target the right physical block/pages in flash, you can somehow hit that location with sufficient read-disturb that the result will decode successfully, AND pass ECC checks, meaning the resulting bad data will be returned to the host system.
I am highly skeptical that this could ever work on a real SSD. The combination of BCH/LDPC error-correction codes combined with a final checksum should make "random bit flipping" impossible to leverage.
Oh, and there's one more thing: SSD firmware keeps counters, to ensure that read disturb can't corrupt data. Any read pattern that hammers a particular location will trigger garbage collection or data rewrite to a fresh location.
We do not claim to have an attack on SSDs. The journalist seems to have misunderstood and not read the paper. The attack demonstrated is not on an FPGA or SSD.
The main point this paper makes and demonstrates is that if you can cause corruption of a full block (i.e., completely garble contents of a chosen block), then you can
elevate privileges (with some assumptions, like using ext3). Note that this result does not depend on whether you are using an SSD, a disk, or any other storage for your filesystem.
From your paper: "We assume that the victim system runs
a filesystem on top of MLC NAND flash-based SSD."
It seems very naive to be surprised that people would assume this is an attack on SSDs.
If you want to critique the flash paper, or how this paper represents that papers findings, you should turn your attention to:
Yu Cai, Augata Ghose, Yixin Luo, Ken Mai,
Onur Mutlu, and Erich Haratsch. “Vulnerabilities in MLC NAND Flash Memory Programming:
Experimental Analysis, Exploits, and Mitigation
23rd IEEE International Sympo-
sium on High Performance Computer Architecture
I found a PDF link too: https://pdfs.semanticscholar.org/b9bc/a3c9f531002854af48de12...
I don't agree that the authors of the present paper are exempt from criticism for this reason.
Based on a recently published paper by Cai et al. 
that proposes that rowhammer-like attacks are possible on
SSDs but does not present an actual attack, we investigate
the feasibility of such attacks on SSDs from the system
point of view.
So it might be easy for a non-technical reader to jump to that conclusion.
However, I agree that we should expect science journalists to be in the latter group.
So I see failures in both sides of the communication.
To raise an earlier quote, a central sentence from the abstract: "In this paper, we discuss the requirements for a successful, full-system, lo-
cal privilege escalation attack on such media, and show
a filesystem based attack vector. " This is also a good description for the masses, and only a very sloppy journalist would read past that and jump to premature conclusions.
(side note: I don't think there's any need to get into credentials about who's been in academia. There are lots of terrible writers, and minority opinions about writing, in academia.)
That's an entirely unsurprising fact, especially if you've ever played around with cracking/patching. A single-bit change in the right place is sufficient to turn an "are you root/registered/privileged/etc.?" check into its negation. This isn't anything novel or unexpected to anyone who knows how software works.
Also this is not a journal paper, this is a workshop (Usenix "Workshop on Offensive Technologies") which is meant as a kind of get together of academics and practical/industry guys. So just demonstrating an "theoretically obvious" exploit would be fine content for that venue, especially if it's not been academically documented before.
2) feasible; and
3) reliable to the point of weaponization
It may take 5 years. It may take 20 years. It will invariably require a huge amount of other research, only some of which will appear relevant. Then all of a sudden the intermediate pieces are all understood and the first practical attack becomes possible.
Even if this attack only works against an ideal target, it still shows a new way of thinking about particular attacks.
> Any read pattern that hammers a particular location will trigger garbage collection or data rewrite to a fresh location.
I can't help thinking that you may have inadvertantly outlined how an eventual practical attack will be performed. This wouldn't be the first time a mitigation method is abused to prepare an attack either - what if you had statistical methods at your disposal to predict how the SSD's wear-leveling redirects your writes? Could you arrange for the cells to be rotated in and out in a reliably determinable pattern?
I'm not discounting your doubts, btw. I'm just pointing out that dismissing the attack due to its current sophistication (or lack thereof) feels shortsighted.
In general, yes it's always good to keep in mind that just as technology progresses exponentially, technological attacks also progress exponentially.
BUT, theoretical attack -> weaponized attack is hardly an axiom. To take a page out of history which I believe is apropos, let us recall the old myth of recovering data from an erased hard drive.
Way back in yonder years it was widely believed that three letter agencies could take any hard drive that had been erased, and recover all the data by carefully analyzing the residual magnetic flux. A single erase, the theory went, wasn't enough to fully wipe the magnetic signal.
The idea was so pervasive that security obsessed peoples would wipe their drives 6, 7, maybe even 8 times just to be sure. That'll stop those three letter agencies!
Well, as time went on it turned out the theoretical attack became less plausible and less feasible! We have no evidence that such a technique was _ever_ used. And while, in theory, it _may_ have been possible when the myth started, the relentless march of platter density rendered it less and less feasible as time went on.
It's hard to know what attacks will follow the exponential curve upward towards weaponization, and which will follow it downward to obscurity. Best to just keep your wits about you, I say.
There are some things that are not just hard, but computationally infeasable. Triggering random bit errors and expecting to pass both the LDPC error correction as well as the extra checksum probably falls in this category.
I'm afraid I don't follow your suggestion that triggering SSD GC could somehow result in some other attack. This is simply the firmware automatically repairing the damage you were attempting to inflict. I don't see an additional attack vector here.
Since flash is already an unreliable media, hardware & firmware already works very hard to conceal and silently repair any errors before they accumulate to a data corruption scenario. This is very different from a rowhammer-type attack because there is an active CPU that already works to prevent this type of damage when it occurs naturally (or due to a naive workload that reads hot locations often).
I was thinking more of the wear-leveling of the NAND cells. (Sibling comment from wtallis points out that the entire technology is being phased out so that's pretty much covered then.)
What I had in mind was a write-spray to identifiable locations. Wear-leveling cycles cells out from active to inactive, and from inactive back to active. If you could prepare a whole bunch of cells with suitable patterns, AND had a way to get occasional cells cycled in uninitialised - then having predictable control over "where"[ß] a cell is cycled back in could allow to target the reads and writes to perform the attack.
We don't need control over which cells are cycled in if majority of incoming cells already have our data on them from their previous active incarnation.
ß: There is indirection above the physical cells and their addressing. I just don't know how many layers.
Except that the NAND flash that's vulnerable to these attacks is being phased out of production as quickly as the fabs can be converted. Coming up with more plausible ways to obtain the oracular knowledge necessary to properly target this attack is of no use if the underlying storage medium no longer has the failure mechanism that's being exploited.
Perhaps you could corrupt the DRAM cache of the SSD, though?
I do support you in the general point that this is rather unit to work on SSDs but it may work on HDDs as they have a similar failure mode and physical locality is easier to achieve there on them.
That said they unlikelihood didn't make it impossible. Filesystems should be written and tested against such attacks.
Among other things, making a successful attack would require sufficient privilege level to bypass all layers of read caches (and probably also all write caches), a target SSD that doesn't use modern 3D NAND, and intimate knowledge of the internals of the SSD controller and firmware, potentially up to the internal state of the LFSR or AES used to scramble data before it is written to the flash.
There's interesting stuff in this research; it highlights aspects of the unreliability of flash memory that I haven't previously seen emphasized so clearly. But since everything about SSD design already assumes that the flash memory is thoroughly unreliable and untrustworthy, these corner cases don't rise to the level of a real-world vulnerability.
No, they claim only to be able to use hdparm to extract the logical block address at which a file is stored. Whether that gives you any useful information is entirely dependent on the internals of the SSD.
I understand not everyone will have the same reaction. I don't pretend to speak for everyone, but I suspect I speak for the majority.
>Author here, I would like to set the record straight.
>We do not claim to have an attack on SSDs.
but in the paper:
>>"We assume that the victim system runs a filesystem on top of MLC NAND flash-based SSD."
Also, those sentences aren't contradictory. "Note that this result does not depend on whether you are using an SSD, a disk, or any other storage for your filesystem." Meaning the attack might apply to someone using an SSD, but the SSD has nothing to do with the vulnerability. It is useful to precisely define a model case in the paper so your results can be easily reproduced, even if some details are not required to demonstrate the vulnerability.
The post on question also didn't call the author an idiot, just said that the paper was idiocy. That's not ad hominem at all.
Differential cryptanalysis is not about defending against bit-flips. Instead, it is about comparing two cipher texts to learn something about the relation between corresponding plain-text.
This is only possible on AES-CTR if you have to ciphertexts with the same key and nonce/IV. This is why a nonce is supposed to be used only once. Same goes for other xor based stream ciphers.
I recommend you read this article: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Same way Rowhammer works. Exploiting a physical vulnerability gives zero damns about encryption. Now whether you get VALID or USABLE data from the attack is an entirely different story.
If it's anything else the user would have to enter the key. So in practice, it's not /really/ encrypted.
> Update: Our reporting was incorrect, here is a comment from the author of the report: “Author here, I would like to set the record straight.We do not claim to have an attack on SSDs. The journalist seems to have misunderstood and not read the paper. The attack demonstrated is not on an FPGA or SSD. The main point this paper makes and demonstrates is that if you can cause corruption of a full block (i.e., completely garble contents of a chosen block), then you can elevate privileges (with some assumptions, like using ext3). Note that this result does not depend on whether you are using an SSD, a disk, or any other storage for your filesystem.”