Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that’s beyond the reach of the user and security solutions.
The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by SSD makers these days for performance optimization on NAND flash-based storage systems.
Hardware-level attacks offer ultimate persistence and stealth. Sophisticated actors have worked hard to implement such concepts against HDDs in the past, hiding malicious code in unreachable disk sectors.
Source: Bleeping Computer