Overprovisioning SSD - Windows 11


The worrying thing is that these researchers tend to inform the manufacturers of their findings first, some manufacturers even have a bounty system in place for these circumstances, but if the manufacturers refuse to accept the evidence, or that it could be an issue (meaning they refuse to pay a bounty as well) the researchers will publish their findings publicly in an attempt to at least force the manufacturers into putting anti vulnerability measures into place.
Not saying that is what has happened here, it is possible fixes are on the way which is why the story can be reported now, well we can hope. :)
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2, build: 22621.521
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS Custom 1700
    CPU
    Intel i7-12700K 3.6GHz Base (5.0GHz Turbo)
    Motherboard
    Asus ProArt Creator B660 D4
    Memory
    64GB DDR 3600Mhz
    Graphics Card(s)
    Asus Tuff RTX 3080 10GB OC
    Sound Card
    Onboard Realtek
    Monitor(s) Displays
    Gigabyte G32QC 32inch 16:9 curved @2560 x 1440p 165Hz Freesync Premium Pro/ Dell SE2422H 24inch 16:9 1920 x 1080p 75Hz Freesync
    Screen Resolution
    2560 x 1440p & 1920 x 1080p
    Hard Drives
    WD SN570 1TB NVME (Boot), Samsung 870QVO 1TB (SSD), SanDisk 3D Ultra 500Gb (SSD) x2, Seagate 3Tb Expansion Desk (Ext HDD), 2x Toshiba 1Tb P300 (Ext HDD)
    PSU
    Corsair RM1000X Modular
    Case
    Corsair 4000D Airflow Desktop
    Cooling
    Corsair Hydro H150i RGB Pro XT 360mm Liquid Cooler, 3 x 120mm fans, 1x Exhaust
    Keyboard
    Microsoft Ergonomic
    Mouse
    Logitech G402
    Internet Speed
    800Mbs
    Browser
    Edge Chromium
    Antivirus
    Defender, Malwarebytes
You don't know the full circumstances. These researchers have unfettered access to a system. Hackers have more hurdles to jump through. I am not concerned, though I don't over-provision because it isn't really necessary.

I just scanned the article. They mention an over provisioning partition in which they can inject code. There has to be a partition for them to be able to do that. But you do not need an unused partition to over provision, you can just not allocate space on the drive, or shrink a partition to free provide unallocated space. This would provide another hurdle - requiring creating a new partition without your detection.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    DIY Photoshop/Game/tinker build
    CPU
    Intel i9 1300KS
    Motherboard
    Asus ROG Maximus Z90 Dark Hero
    Memory
    64GB (2x32) G.skill Trident Z5 RGB 6400 MHZ 32-39-39
    Graphics Card(s)
    Asus ROG Strix 4070 Ti OC
    Sound Card
    Onboard Audio, Vanatoo Transparent One; Klipsch R-12SWi Sub; Creative Pebble Pro Minimilist
    Monitor(s) Displays
    Eizo CG2730, ViewSonic VP2768
    Screen Resolution
    2560 x 1440p x 2
    Hard Drives
    WDC SN850 1TB nvme, SK-Hynix 2 TB P41 nvme, Raid 0: 1TB 850 EVO + 1TB 860 EVO SSD. Sabrent USB-C DS-SC5B 5-bay docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black
    PSU
    850W Seasonic Vertex PX-850
    Case
    Fractal Design North XL Mesh, Black Walnut
    Cooling
    EKWB 360 Nucleus Dark AIO w/Phanteks T30-120 fans, 1 Noctua NF-A14 Chromax case fan
    Keyboard
    Glorious GMMK TKL mechanical, lubed modded
    Mouse
    Logitech G305 wireless gaming
    Internet Speed
    380 Mb/s down, 12 Mb/s up
    Browser
    Firefox
    Antivirus
    Defender, Macrium Reflect 8 ;-)
  • Computer type
    Laptop
    Manufacturer/Model
    Apple 13" Macbook Pro 2020 (m1)
    CPU
    Apple M1
    Screen Resolution
    2560x1600
    Browser
    Firefox
I believe the article refers to the over provisioned space the manufacturers build into the drive, this is beyond the ability for either users or the OS to see. It is used by the drives firmware for wear levelling and other built in features, it is nothing to do with standard over provisioning or partitioning.
This is why it is of particular interest to researchers and possibly malware authors as any OS based anti malware currently in use would be completely powerless against such an attack vector.
And yes it would be extremely difficult to take advantage of initially, but we have already seen high resource intensive "hacking" methods become easier to reproduce and trickle down the hill in shorter time than would at first be believed.
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2, build: 22621.521
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS Custom 1700
    CPU
    Intel i7-12700K 3.6GHz Base (5.0GHz Turbo)
    Motherboard
    Asus ProArt Creator B660 D4
    Memory
    64GB DDR 3600Mhz
    Graphics Card(s)
    Asus Tuff RTX 3080 10GB OC
    Sound Card
    Onboard Realtek
    Monitor(s) Displays
    Gigabyte G32QC 32inch 16:9 curved @2560 x 1440p 165Hz Freesync Premium Pro/ Dell SE2422H 24inch 16:9 1920 x 1080p 75Hz Freesync
    Screen Resolution
    2560 x 1440p & 1920 x 1080p
    Hard Drives
    WD SN570 1TB NVME (Boot), Samsung 870QVO 1TB (SSD), SanDisk 3D Ultra 500Gb (SSD) x2, Seagate 3Tb Expansion Desk (Ext HDD), 2x Toshiba 1Tb P300 (Ext HDD)
    PSU
    Corsair RM1000X Modular
    Case
    Corsair 4000D Airflow Desktop
    Cooling
    Corsair Hydro H150i RGB Pro XT 360mm Liquid Cooler, 3 x 120mm fans, 1x Exhaust
    Keyboard
    Microsoft Ergonomic
    Mouse
    Logitech G402
    Internet Speed
    800Mbs
    Browser
    Edge Chromium
    Antivirus
    Defender, Malwarebytes
I believe the article refers to the over provisioned space the manufacturers build into the drive, this is beyond the ability for either users or the OS to see. It is used by the drives firmware for wear levelling and other built in features, it is nothing to do with standard over provisioning or partitioning.
This is why it is of particular interest to researchers and possibly malware authors as any OS based anti malware currently in use would be completely powerless against such an attack vector.
And yes it would be extremely difficult to take advantage of initially, but we have already seen high resource intensive "hacking" methods become easier to reproduce and trickle down the hill in shorter time than would at first be believed.
I question the motives of authors of this and similar articles as they highlight an issue and publicise weaknessea informing hackers of possible new methods they can attack pc. If they had not published, the hackers would be unaware of such an issue.

Why do they publicise details - is it to shame the SSD vendors into action, or is it to publicise how great they are (to generate more work).

Even if the authors were being altruistic and believe the issue should be publicised, they should ask themselves if they could create more damage than they solve.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
The article does not really go into enough detail to know, usually the attack vector is reported to the manufacturers for validation and closing long before the details are made public. Occasionally the story may be leaked early, which is bad news or published because manufacturers fail to act for whatever reason, with a view to forcing action since it is now in the public domain.
There is no reason to believe that such attack vectors are not being found by malware authors, maybe starting with state funded groups, I would prefer if the altruistic researchers found the weaknesses before those groups, after all prevention is better than fixing the potential mess these sort of exploits could cause.
 

My Computer

System One

  • OS
    Windows 11 Pro 22H2, build: 22621.521
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS Custom 1700
    CPU
    Intel i7-12700K 3.6GHz Base (5.0GHz Turbo)
    Motherboard
    Asus ProArt Creator B660 D4
    Memory
    64GB DDR 3600Mhz
    Graphics Card(s)
    Asus Tuff RTX 3080 10GB OC
    Sound Card
    Onboard Realtek
    Monitor(s) Displays
    Gigabyte G32QC 32inch 16:9 curved @2560 x 1440p 165Hz Freesync Premium Pro/ Dell SE2422H 24inch 16:9 1920 x 1080p 75Hz Freesync
    Screen Resolution
    2560 x 1440p & 1920 x 1080p
    Hard Drives
    WD SN570 1TB NVME (Boot), Samsung 870QVO 1TB (SSD), SanDisk 3D Ultra 500Gb (SSD) x2, Seagate 3Tb Expansion Desk (Ext HDD), 2x Toshiba 1Tb P300 (Ext HDD)
    PSU
    Corsair RM1000X Modular
    Case
    Corsair 4000D Airflow Desktop
    Cooling
    Corsair Hydro H150i RGB Pro XT 360mm Liquid Cooler, 3 x 120mm fans, 1x Exhaust
    Keyboard
    Microsoft Ergonomic
    Mouse
    Logitech G402
    Internet Speed
    800Mbs
    Browser
    Edge Chromium
    Antivirus
    Defender, Malwarebytes
It's good to know that there are plenty of helpful hackers about, they are needed to fight those darstardly NC's, R's and C's.
 

My Computers

System One System Two

  • OS
    W11 pro beta
    Computer type
    PC/Desktop
    Manufacturer/Model
    home built
    CPU
    Athlon 3000G
    Motherboard
    Asrock A320M-HDV r4.0
    Memory
    16Gb Crucial DDR4 2400
    Graphics Card(s)
    onboard cpu
    Sound Card
    onboard
    Monitor(s) Displays
    AOC 27
    Screen Resolution
    2560-1440
    Hard Drives
    WD black SN750 M2 500Gb
    PSU
    500W Seasonic core 80+gold non modular
    Case
    Fractal Design Define R2
    Cooling
    front 2 x 120mm rear 100mm stock psu
    Internet Speed
    135/20
    Browser
    Firefox and edge
    Antivirus
    Windows Security and free Malwarebytes
  • Operating System
    W11 pro 64 beta (from W10 pro system builder pack)
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 7 5700G
    Motherboard
    MSI B450 tomahawk max II
    Memory
    4 x 8Gb Corsair Vengeance LPX 3000 DDR4
    Graphics card(s)
    onboard cpu
    Sound Card
    motherboard
    Monitor(s) Displays
    LG 21.5" IPS
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD 1Tb Black M2 SN850X on Asus hyper M2 X16 max V2 card
    PSU
    Be Quiet 400 semi modular 80+gold
    Case
    Coolermaster Silencio 650
    Cooling
    140mm front, 120 rear Akasa Vegas Chroma AM
    Internet Speed
    135/20
    Browser
    edge/Firefox
    Antivirus
    WD plus Malwarebytes free

Latest Support Threads

Back
Top Bottom