Mobile Flash Storage Wearout Attack and Defense
Although flash cells wear out, a typical SSD has enough cells and sufficiently sophisticated firmware that its lifetime generally exceeds the expected lifetime of its host system. Even under heavy use SSDs last for months and can be replaced upon failure. We show that due to limited hardware, under heavy use, one can easily, and more quickly, wear out smartphone flash storage. Consequently, a simple, unprivileged, malicious application can render a smartphone unbootable (“bricked”) in a few short weeks with no warning signs to the user (Figure 1). This bleak result becomes more worrisome when considering the fact that smartphone users generally believe it is safe to try out new applications.
Figure 1: Time needed to wear out the embedded flash storage on various devices.
For more details, please refer to our MobiSys ‘19 paper.
Link to our proof-of-concept wearout attack targeting Android systems.
Source code of our defense framework(for Samsung S6 phone) is available here.