Pandora's Box in Your SSD: The Untold Dangers of NVMe

TL;DR

This paper introduces eNVMe, a malicious NVMe device platform that reveals security vulnerabilities in operating systems' storage management, emphasizing the need for better mitigation and open-source hardware solutions.

Contribution

The paper presents the first open-source, Linux-based malicious NVMe platform enabling detailed exploration of storage subsystem vulnerabilities.

Findings

Identified multiple attack vectors in Linux and Windows.

Demonstrated the feasibility of malicious firmware in NVMe devices.

Highlighted the importance of open-source firmware for security research.

Abstract

Modern operating systems manage and abstract hardware resources, to ensure efficient execution of user workloads. The operating system must securely interface with often untrusted user code while relying on hardware that is assumed to be trustworthy. In this paper, we challenge this trust by introducing the eNVMe platform, a malicious NVMe storage device. The eNVMe platform features a novel, Linux-based, open-source NVMe firmware. It embeds hacking tools and it is compatible with a variety of PCI-enabled hardware. Using this platform, we uncover several attack vectors in Linux and Windows, highlighting the risks posed by malicious NVMe devices. We discuss available mitigation techniques and ponder about open-source firmware and open-hardware as a viable way forward for storage. While prior research has examined compromised existing hardware, our eNVMe platform provides a novel and unique tool for security researchers, enabling deeper exploration of vulnerabilities in operating system storage subsystems.