Chinese SSD offers mission impossible style self destruction (opens in new tab)

(theregister.co.uk)

39 pointsmakethetick14y ago38 comments

38 comments

32 comments · 14 top-level

I'm really surprised that they implement "destroy all data" by physically overwriting the flash cells. This is commonly (e.g. iPhone) done by storing all data encrypted with a randomly-chosen key and just throwing away the key to "delete" it, which is a much faster way to destroy a drive. And it's not like Flash drives can function without a somewhat complicated controller anyway...

EDIT: clarified in response to DanBlake (and hackermom, who has just been hellbanned.)

DanBlake14y ago

Can you explain why adding a encryption routine is faster than just blind overwriting the data with 0's?

Genuinely curious as it seems that would not make sense, if you overwrote it with zeros in a comparable, logical manner.

lparry14y ago

The data is stored encrypted by default, then once the key is discarded you no longer have data, just encrypted gibberish; all without writing to any of the disk where the data was. Much, much faster than having to zero out the whole disk

1 more reply

JoachimSchipper14y ago

What JonnieCache and DanBC say: keep the data encrypted at all times, then you can just overwrite the few bytes of the encryption key to render the data unreadable. This has the additional advantage that you only need to really securely erase a very small amount of storage (plus the controller's memory.)

(Editing my original post to make this more clear. Sorry.)

3 more replies

JonnieCache14y ago

If you encrypt the data, you only have to zero out the key (nanoseconds? maybe microseconds) instead of zeroing all the data. Assuming there is no backup of the key, the data is just as gone as if you'd zeroed it.

DanBC14y ago

The drive is always encrypted. In an emergency you only have to destroy a little bit of the drive; the part that stores the key.

ArchD14y ago

Theoretically, information is information, encrypted or not, and just because the key is zeroed out doesn't mean part of the original information cannot be obtained from encrypted data. For example, an infinitely fast brute-force algorithm could crack it, as well as a lucky guess, however unlikely. If the key is weak relative to the strength of the cracking algorithm/hardware and the cost of leaking information, then this doesn't work.

JonnieCache14y ago· 3 in thread

I just wasted 5 minutes trying to find a link to post here. It was an article where two hackers decided to actually try out all the various hard disk destruction methods people postulate, with a view to making a remote self-destruct mechanism. They posted lots of photos of different things they tried, and an amusing write up of their escapades: they burned them with fire, attacked them with acid, masonry drills, other chemicals, almost maiming themselves and annihilating their garage a couple of times. If anyone could dregde up the URL for me I'd be most appreciative.

humbert14y ago

The article is likely about the talk "And That's How I Lost My Eye: Exploring Emergency Data Destruction" at DEFCON 19 [1]. A blog post [2] gives a quick overview, and the 50 minute talk [3] is very entertaining. There's no whitepaper, and I couldn't quickly find a more detailed article.

[1] https://www.defcon.org/html/links/dc-archives/dc-19-archive....

[2] http://www.sportsfirings.com/?p=4959

[3] http://www.youtube.com/watch?v=oXbq0BFzQQg

JonnieCache14y ago

Thanks muchly. I think it was probably the video that I saw.

EDIT: yep, it was. You should all watch it, it is most diverting.

DanBC14y ago

I'd be interested to see that link!

Perhaps it's this? DEFCON 19: And That's How I Lost My Eye: Exploring Emergency Data Destruction

(http://www.youtube.com/watch?v=oXbq0BFzQQg)

bobsy14y ago· 3 in thread

I am wondering what the use case for this is.

I mean you want to destroy your computing equipment for 2 reasons.

1) Its end of life cycle. In this situation you have plenty of time to do what you want.

2) The enemy is upon you. In this situation you are very short on time.

For situation 2 I would have thought burning or blowing up the computers would be a better solution than trying to quickly unscrew the case. Find the cable. Find the hole to plug the cable in. Press the button. Move onto next hard drive / system.

For situation 1 I would have thought that destroying them another way would be just as effective. You would also have the advantage of not having self destructing hard drives in key systems which could malfunction / be exploited / triggered because someone pressed the red button to erase by mistake.

The only use case I can think of is hackers / pirates / terrorists. I could see them running a computer which has the red button ready to go and taped to the outside of the case to destroy evidence as soon as police try to kick down your front door.

regomodo14y ago

"a better solution than trying to quickly unscrew the case. Find the cable."

A dedicated panel switch.

sneak14y ago

> hackers / pirates / terrorists

Some of us have been variously labelled all three.

datagramm14y ago

"The only use case I can think of is hackers / pirates / terrorists. I could see them running a computer which has the red button ready to go and taped to the outside of the case to destroy evidence as soon as police try to kick down your front door."

I'd imagine this was the manufacturer's intention. If you're going to the trouble of building a computer with an instant self-destruct feature, you'll probably put the button somewhere accessible.

tferris14y ago· 3 in thread

Why do I need the red button if the green button erases data sufficiently?

The red button is impressive but whats the benefit of trashing the SSD? Or does the green button not erase data with 100% reliability?

klodolph14y ago

It's for organizations that have different standards.

For example, the DoD has a pretty strict standard w.r.t. erasing traditional magnetic hard drives, even though `dd of=/dev/zero` should be good enough. Attacks at that point are theoretical, but they want defenses against theoretical attacks.

hristov14y ago

For one, the green button may not be fast enough. There are many ways flash cells can be killed en masse. Individually rewriting each cell would take much longer. Someone can then pull the plug and stop the entire process.

qbrass14y ago

The red button works in a few seconds. The green one might take a few minutes.

atleta14y ago· 1 in thread

What's the point of the green button (overwriting data with random garbage), if you can have an encrypted drive, which means you have random garbage on it all the time, lest you have the key. Well, maybe that's how it works (erasing the encryption key), though in this case there is no point of doing it remotely.

In this case the red button is not that important either. The only thing they could be used is when you are tortured to give away the decryption key (or passphrase) for the drive. By pressing the red button, you could convince the bad guys, that they won't be able to read the data anyway. The green button would not save your arse, since they may just think that you gave them the wrong key.

VMG14y ago

The green button provides security even if your encryption key has been compromised.

twp14y ago· 1 in thread

Does this have an internal battery to ensure that the destruction is complete even if the power source is removed? Otherwise there's an obvious weakness: before raiding the house, cut the power: this will prevent the SSD user from being able to destroy their data.

makethetickOP14y ago

I imagine if someone is serious enough to be using this, they'd be running a UPS too.

jaems3314y ago· 1 in thread

Smoke and close up damage seem fake.

sirclueless14y ago

Were you expecting more or less of a dramatic moment? I've fried robotic parts before, and you really do get a small puff of acrid smoke. Things usually melt and turn black in my experience instead of cracking, but then, I've never zapped a big array of flash memory.

1 more reply

seivan14y ago

Hmmm, so you're using your hard drives in production and suddenly you add another point on the list of "possible bad things that can happen".

What if this gets triggered when you don't want it to? You're just adding another list of possible bad shit that can happen.

I rather wished it was not built into the device itself, but you connect it to something else.

Just add another layer of stuff that can go wrong, and this one fries the disk completely.

shimon_e14y ago

Being a Chinese solution I sort of wished they just attached some fireworks. :(

tferris14y ago

I guess these buttons have to be installed in some way that they are easily and quickly pressed in case of emergency before the enemy gets the equipment (so w/o opening your notebook i.e.). But then every colleague running past my desk can quickly trash my SSD. Probably a remote triggering the buttons via software makes more sense.

mmaunder14y ago

I think triggering an overwrite of all memory with random data by pressing a short sequence of on-unit buttons would be more practical when you're smuggling data through Jinnah international airport and the authorities seize you.

demoo14y ago

This movie clip feels like it could be featured in a dystopian sci-fi movie in which a big corporation has all the power. Just waiting for Deckard to walk by a billboard and see this playing.

Piskvorrr14y ago

"We have a batch of spontaneously self-destructing drives, now what?" "It's A Feature!" ;)

No, seriously, this may be pretty useful, especially since the self-destruct mechanism can be hooked up to something else.

Devilboy14y ago

Wow! I'd have to buy a stack of these so I can demo it to my friends every now and then.

j / k navigate · click thread line to collapse

38 comments

32 comments · 14 top-level

JoachimSchipper14y ago· 6 in thread

EDIT: clarified in response to DanBlake (and hackermom, who has just been hellbanned.)

DanBlake14y ago

Can you explain why adding a encryption routine is faster than just blind overwriting the data with 0's?

Genuinely curious as it seems that would not make sense, if you overwrote it with zeros in a comparable, logical manner.

lparry14y ago

1 more reply

JoachimSchipper14y ago

(Editing my original post to make this more clear. Sorry.)

3 more replies

JonnieCache14y ago

DanBC14y ago

The drive is always encrypted. In an emergency you only have to destroy a little bit of the drive; the part that stores the key.

ArchD14y ago

JonnieCache14y ago· 3 in thread

humbert14y ago

[1] https://www.defcon.org/html/links/dc-archives/dc-19-archive....

[2] http://www.sportsfirings.com/?p=4959

[3] http://www.youtube.com/watch?v=oXbq0BFzQQg

JonnieCache14y ago

Thanks muchly. I think it was probably the video that I saw.

EDIT: yep, it was. You should all watch it, it is most diverting.

DanBC14y ago

I'd be interested to see that link!

Perhaps it's this? DEFCON 19: And That's How I Lost My Eye: Exploring Emergency Data Destruction

(http://www.youtube.com/watch?v=oXbq0BFzQQg)

bobsy14y ago· 3 in thread

I am wondering what the use case for this is.

I mean you want to destroy your computing equipment for 2 reasons.

1) Its end of life cycle. In this situation you have plenty of time to do what you want.

2) The enemy is upon you. In this situation you are very short on time.

regomodo14y ago

"a better solution than trying to quickly unscrew the case. Find the cable."

A dedicated panel switch.

sneak14y ago

> hackers / pirates / terrorists

Some of us have been variously labelled all three.

datagramm14y ago

I'd imagine this was the manufacturer's intention. If you're going to the trouble of building a computer with an instant self-destruct feature, you'll probably put the button somewhere accessible.

tferris14y ago· 3 in thread

Why do I need the red button if the green button erases data sufficiently?

The red button is impressive but whats the benefit of trashing the SSD? Or does the green button not erase data with 100% reliability?

klodolph14y ago

It's for organizations that have different standards.

hristov14y ago

qbrass14y ago

The red button works in a few seconds. The green one might take a few minutes.

atleta14y ago· 1 in thread

VMG14y ago

The green button provides security even if your encryption key has been compromised.

twp14y ago· 1 in thread

makethetickOP14y ago

I imagine if someone is serious enough to be using this, they'd be running a UPS too.

jaems3314y ago· 1 in thread

Smoke and close up damage seem fake.

sirclueless14y ago

1 more reply

seivan14y ago

Hmmm, so you're using your hard drives in production and suddenly you add another point on the list of "possible bad things that can happen".

What if this gets triggered when you don't want it to? You're just adding another list of possible bad shit that can happen.

I rather wished it was not built into the device itself, but you connect it to something else.

Just add another layer of stuff that can go wrong, and this one fries the disk completely.

shimon_e14y ago

Being a Chinese solution I sort of wished they just attached some fireworks. :(

tferris14y ago

mmaunder14y ago

demoo14y ago

This movie clip feels like it could be featured in a dystopian sci-fi movie in which a big corporation has all the power. Just waiting for Deckard to walk by a billboard and see this playing.

Piskvorrr14y ago

"We have a batch of spontaneously self-destructing drives, now what?" "It's A Feature!" ;)

No, seriously, this may be pretty useful, especially since the self-destruct mechanism can be hooked up to something else.

Devilboy14y ago

Wow! I'd have to buy a stack of these so I can demo it to my friends every now and then.

j / k navigate · click thread line to collapse