The Dark Side of NVMe SSDs
Not all NVMe SSDs are safe; some might threaten your data.
Rick Wertenbroek, Alberto Dassatti
We live in a world where technology is everywhere, from our phones to our computers. One of the fastest storage devices today is the NVMe SSD. These little blocks of magic can store a lot of data and retrieve it even faster. But, what if I told you that not all NVMe SSDs are as friendly as they seem? Some could be hiding a dark side.
What’s the Deal with NVMe?
So, what exactly is NVMe? It stands for Non-Volatile Memory Express. In plain terms, it’s a standard that helps your computer talk to its storage faster. It’s like a fast-track lane at the grocery store for your data. Most modern computers come with NVMe SSDs because they are speedy and can handle large amounts of information.
The Rise of the Evil NVMe
Now, here’s where it gets interesting. Not all NVMe devices are created equal. Imagine one that’s been modified to act maliciously. This could turn your friendly storage device into a villain, capable of wreaking havoc on your computer and stealing information. Sounds like a bad movie, doesn’t it?
How Evil NVMe Works
This evil NVMe device can trick your operating system into thinking it’s a harmless drive while secretly collecting data or executing attacks. It’s like having a mole in your organization.
The Sneaky Software
These devices often come with special software that runs in the background. This software can monitor what you’re doing, intercept passwords, and even alter files without you knowing. If a bad actor gets control of your NVMe SSD, they might take down your entire system or steal sensitive information.
The Scary Scenarios
Let’s take a moment to think about what could happen if a bad NVMe SSD gets into the wrong hands. Picture this:
The Government Conspiracy
Imagine a government decides to compromise a well-known NVMe chip manufacturer. They could add secret features that allow them to activate the device later, causing it to act on their commands. When a conflict arises, they could use these drives to control vast networks of computers quietly.
The Remote Attack
Let’s say these bad devices could be activated remotely. With a sneaky little web cookie sent through an online ad, they could awaken and start executing their evil plans. Your computer could become part of a giant army of compromised devices without you ever realizing it.
The Attack: What Could Go Wrong?
Once activated, a malicious NVMe SSD could do quite a few nasty things.
Taking Control
First, it could take control of the operating system on its host computer. With the right access, it could change files, install malware, or even erase everything! If it finds out about your sensitive data, like passwords or banking info, it could send this information back to the attacker in a jiffy.
The Spy Game
These devices could also take on the role of a spy, watching over everything stored in them and on the host machine. Your secrets would no longer be safe, and you’d have no idea it was happening.
The Self-Destruction
In some cases, the evil NVMe SSD could turn against its host. It could wipe all its data and make itself useless, leaving you with a dead computer and lost files.
How To Fight Back
So, how do we protect ourselves from these nefarious devices? The good news is we can take steps to make things safer.
The Importance of IOMMU
One of the best defenses we have is something called IOMMU, which stands for Input-Output Memory Management Unit. Think of it as a security guard that only lets trustworthy devices through. If IOMMU is enabled and correctly configured, it can limit what any device, including an NVMe SSD, can access.
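One way to check the "enabled and correctly configured" condition on Linux, as an added example that is not from the article or the eNVMe project: it reads sysfs for each NVMe controller and reports its IOMMU group and that group's default domain type. The function name, variable names and output format are illustrative assumptions.

```sh
#!/bin/sh
# Added example: classify each NVMe controller by the IOMMU domain it sits in.
# The sysfs root is a parameter so the logic can be run on a constructed tree.

# Prints "<ctrl> <pci-addr> group=<id|none> type=<type|none> <verdict>" per
# controller. Returns 0 if all are restricted, 1 if any is not, 2 if none found.
nvme_iommu_report() {
    r_sysfs="${1:-/sys}"
    r_rc=2
    for r_ctrl in "$r_sysfs"/class/nvme/nvme*; do
        [ -e "$r_ctrl/device" ] || continue      # also skips an unmatched glob
        if [ "$r_rc" -eq 2 ]; then r_rc=0; fi
        r_dev=$(readlink -f "$r_ctrl/device")    # PCI function behind the controller
        r_group=none; r_type=none
        if [ -e "$r_dev/iommu_group" ]; then
            r_gdir=$(readlink -f "$r_dev/iommu_group")
            r_group=$(basename "$r_gdir")
            # Default domain type: DMA / DMA-FQ translate and confine device DMA;
            # identity (e.g. booted with iommu=pt) maps all of physical memory.
            if [ -r "$r_gdir/type" ]; then r_type=$(cat "$r_gdir/type"); else r_type=unknown; fi
        fi
        case "$r_type" in
            DMA|DMA-FQ) r_verdict=restricted ;;
            none|identity) r_verdict=UNRESTRICTED; r_rc=1 ;;
            *) r_verdict=unverified; r_rc=1 ;;
        esac
        printf '%s %s group=%s type=%s %s\n' "$(basename "$r_ctrl")" \
            "$(basename "$r_dev")" "$r_group" "$r_type" "$r_verdict"
    done
    return "$r_rc"
}

# Live check; a non-zero status only produces a note here.
nvme_iommu_report "${1:-/sys}" ||
    echo "note: no NVMe controller found, or not all are IOMMU-restricted" >&2
```

A controller reported as `UNRESTRICTED` either has no IOMMU group at all (IOMMU off in firmware or kernel) or sits in an identity-mapped domain, where the IOMMU is present but does not confine the device's DMA.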
Keep Your Software Updated
Always keep your operating system and software updated. Sometimes, security flaws emerge, and manufacturers release patches to fix them. If you don’t update, you might be leaving the door open for an attack.
Encrypt Your Data
Using encryption can protect your sensitive information. Even if a malicious NVMe device gets access, the data stored within can remain locked up tight. But remember, if the encryption keys are also stored on the NVMe, it’s like leaving the key under the doormat.
Final Thoughts
While NVMe SSDs can offer fantastic speed and efficiency, vigilance is crucial. The idea of a malicious NVMe device may sound like something out of a sci-fi thriller, but with the way technology is evolving, it’s a real risk.
By understanding the potential dangers and taking steps to secure your data, you can guard against the dark side of technology. Remember, knowledge is power, and the more you learn, the better protected you can be.
Title: Pandora's Box in Your SSD: The Untold Dangers of NVMe
Abstract: Modern operating systems manage and abstract hardware resources, to ensure efficient execution of user workloads. The operating system must securely interface with often untrusted user code while relying on hardware that is assumed to be trustworthy. In this paper, we challenge this trust by introducing the eNVMe platform, a malicious NVMe storage device. The eNVMe platform features a novel, Linux-based, open-source NVMe firmware. It embeds hacking tools and it is compatible with a variety of PCI-enabled hardware. Using this platform, we uncover several attack vectors in Linux and Windows, highlighting the risks posed by malicious NVMe devices. We discuss available mitigation techniques and ponder about open-source firmware and open-hardware as a viable way forward for storage. While prior research has examined compromised existing hardware, our eNVMe platform provides a novel and unique tool for security researchers, enabling deeper exploration of vulnerabilities in operating system storage subsystems.
Authors: Rick Wertenbroek, Alberto Dassatti
Last Update: 2024-11-01 00:00:00
Language: English
Source URL: https://arxiv.org/abs/2411.00439
Source PDF: https://arxiv.org/pdf/2411.00439
Licence: https://creativecommons.org/licenses/by-nc-sa/4.0/
Changes: This summary was created with assistance from AI and may have inaccuracies. For accurate information, please refer to the original source documents linked here.