Technology

40756 readers

550 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago

MODERATORS

alyaza@beehaw.org

TheRtRevKaiser@beehaw.org

gyrfalcon@beehaw.org

rs5th@beehaw.org

coldredlight@beehaw.org

SemioticStandard@beehaw.org

TheRtRevKaiser@kbin.social

remington@beehaw.org

Press a button and this SSD will self-destruct with all your data (www.theverge.com)

submitted 4 days ago by along_the_road@beehaw.org to c/technology@beehaw.org

27 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] sefra1@lemmy.zip 23 points 4 days ago (3 children)

So, let's see if I understand, the device only destroys the data after it's connected to a computer.

So an adversary can just not connect it to a computer and extract the data through alternative means (like unsoldering the chip and reading it directly.

The device should be able to destroy itself either from an internal battery or some physical or chemical mechanism.

[–] nekusoul@lemmy.nekusoul.de 11 points 4 days ago

My assumption is that it probably uses the same mechanism that most other SSDs already have where it always saves the data with internal encryption and simply overwrites the encryption key when a wipe is requested.

This same mechanism already allows SSDs to be formatted quickly while still being secure without having to zero out everything, which would cause a lot of additional wear.

The additional complete wiping would just be the cherry on top.

[+] sleepundertheleaves@infosec.pub 4 points 4 days ago* (last edited 4 days ago) (1 children)

[deleted]

[–] sefra1@lemmy.zip 5 points 4 days ago

if you're using proper encryption it's going to be difficult or impossible to decrypt the files on the drive, so the data should be secure even if the drive is stolen, copied, etc.

Encryption should always be the last line of defence, encryption that is unbreakable today may be trivially broken tomorrow. Which is why I also I still prefer to overwrite drives with random data instead of just trusting the sanitise command (Even though I know that a big chunk of the data stays unoverwritten as part of the drive's "provisional area".

(Which raises another issue that "deleting" a luks keyslot or the whole header doesn't actually warranty it's deleted, may have just be moved to the provisional area. So if a key somehow is compromised it becomes nessesary to physically destroy the drive.)

However, when you're actively using the drive and have files decrypted, and then you lose physical access to your devices, you have a problem. IIRC that's how they got Ross Ulbricht's files - monitored him until he unlocked his laptop in a cafe and then grabbed it (and him). If you're worried about that specific threat profile it makes a little more sense to have an easily accessible physical DELETE EVERYTHING NOW button that only operates when the drive is running.

In that case I rather use something that will reboot the computer and shred the ram as it would serve the same purpose with the bonus that contents can't also be recovered from ram. Something like an usb drive with a string wrapped around the wrist.

Now, in the situation that the keys have leaked somehow, (like recording the keyboard from afar while the user types the passphrase) then the self-erasing hard drive makes a lot more sense, assuming the user has time to trigger the mechanism.

Now the issue is, that overwriting even a fast ssd takes time, so I'm assuming the device works by destroying or erasing a security chip that holds the keys for the main storage, however the data is still there if the adversary cuts the power before overwriting the whole drive. Ofc encrypted, but like I said before, encryption may be broken tomorrow. A physical or chemical solution that grinds or dissolves the chip somehow seems to me a better option, with the bonus that it can be made to work without electricity.

[–] Sidhean@piefed.social 3 points 4 days ago

The image you posted seems to disagree with you. There is some sort of "Physical Data Destruction" in phase 2. The article says the switch breaks some chips, but I didn't get much beyond that. In any case, lets hope the delete-when-plugged-in thing is redundant.