Are SSDs a Security Risk?
PrintThe past few months we've watched SSDs gain momentum and attract the focus of both manufacturers and consumers. From larger capacities to faster performance, traditional hard drives suddenly find themselves on the verge of obsolesence. Or do they?
One of the biggest concerns surrounding SSDs continues to be long-term reliability, but there might even be a bigger stumbling block. Because many SSDs use industry-standard NAND flash chips designed for handheld gadgets, physical security becomes a potential issue. Jim Handy, director of semiconductor research and consulting firm Objective Analysis, points out there's nothing to prevent a hacker from unsoldering NAND chips from an SSD and extracting the data using a flash chip programmer. "There's really nothing sophisticated about this process," Handy said.
But that's not the only method. A hacker could use an ultraviolet laser to wipe out lock bits (encryption locks) from fuses on chip that secure SSDs. The data can then be read without any special software.
Is Jim Handy right to be concerned? Hit the jump to post your thoughts.
More like this
endee
September 02, 2008 at 8:59am
The answer is of course no.
SSDs are not inhertently less secure than any other storage medium. For true security, you don't store or physically locate the keys to unencrypt encrypted data with the data itself. Encrypt your important files with a strong encryption algorithm, keep the keys separate, and you have nothing to worry about.
roninnder
September 01, 2008 at 4:23pm
Unsoldering chips from my hard drive, is that really something I need to lose sleep worrying about? Look, as long as I can't download some malware that will cause screwdrivers to remove my hard drive and run a soldering iron I think I'll be ok.
anonuser
September 01, 2008 at 3:21pm
This is like saying that mechanical disks are insecure because you can take out the platters. Use software encryption if you need secure SSD storage.
zodi
September 01, 2008 at 1:30pm
I must say the some other comments that were written regarding "oh now everyone knows" didn't get much thought.
1. Common knowledge on Nand flash chips by anyone who has taken a post secondary electronics course or knows anything about flash chips
2. By comparison then a car manufacturer like mazda should tell you that by smashing the door on certain years of Mazda 3's in the right spot will cause the car door to unlock. Guess you'll find out when your car is missing.
3. Security risks should be well documented and announced to the public so that people can make an informed decision when they purchase something. Otherwise who is going to know and what accountability would there be from a company to the publice. IE: Car recalls.
P.S. guess I informed a bunch of car thieves about the Mazda thing....darn it.
gatorXXX
September 01, 2008 at 3:49pm
now when there's a rash of mazda 3 car thefts, should we point the police to your comment?.......lol
knexkid
September 01, 2008 at 12:12pm
This whole security thing is getting out of hand. Pretty much everything these days has some flaw in it that is a security issue. If you are really that concerned, just throw away your computer and use a typewriter.
jacobhweeks
August 03, 2010 at 6:59am
But then the ribbon on the typewriter would be a security issue. Any body could read what had been writen on that typewriter...lol
chronium
September 01, 2008 at 10:21am
As long as your laptop or pc or whatever you're using it for isn't stolen then people have nothing to worry about since those 2 methods require the physical presence of the drive. Regular hard drives are just as vulnerable, by different methods, if you go by his way of thinking.
Keith E. Whisman
September 01, 2008 at 10:00am
Oh that's good tell the world how to hack ssd's. Wow I did'nt know how to get by the security features thanks alot now everyone knows asshole.
Just because you know a secret does'nt mean that you should tell the world. Ever hear the term loose lips sink ships? That applies here. I'm sure some bad people already knew these things but now everyone knows and now greedy idiots that don't know what they are doing are going to try it.
I really wish that security flaws would not be completely explained. Just explain that there are some holes and they will be fixed. That's all anyone needs. Or even how to make up for the security holes until they are fixed. Don't tell the world just what the hole or exploit is. I hate that. I never understood why people do that. It's like people want it to get out so they can see how bad it'll get.
This is like the news media telling the world what our Army is going to do next in Iraq and Afghanistan. Sure the media are a bunch of traitors but the army leadership are idiots for telling the media. Loose lips sink ships you see.
So please don't completely explain exploits anymore. Please don't. It just fuels people that normally would'nt try anything to do something stupid.
ferds7
September 01, 2008 at 1:16pm
I often agree with such a claim, especially in the media coverage of armies. At the same time one can say to "know thy enemy" which would require knowing their tactics. Therefore the press giving away US Military moves is betrayal while MPC giving away enemy moves is not.
I think it's good to inform people that the risk is out there and give a non-detailed explanation as to how it is done (which MPC did). I also feel that very few people are going to read this article and all of a sudden decide that they want to steal encrypted information and they are going to start by researching this more. With that reasoning one could just state that there will be just as many people who go out and want to research how to prevent this type of an attack.
Plus, as stated, this requires having your hard drive physically stolen from you or allowing someone access to your hard drive with all your secret information.
gatorXXX
September 01, 2008 at 10:25am
I couldn't agree more! But this article envelopes the thought of your laptop or PC being physically stolen. If thats the case and they wanted your data that bad, they would find ways around the encryption anyways whether it's SSD's or HD's. But explaining it to everyone like this invites trouble.
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Micron: DRAM Prices Likely as Low as They're Going to Get http://t.co/fFUWuFOm2 hours 57 min ago
- maximumpc: Yar, Mateys! All Of Pirate Bay Made Available As A Single 90MB Zip File http://t.co/j5LHlXEZ4 hours 11 min ago
- maximumpc: Blizzard Newstravaganza: Diablo III Gets Release Window, Blizz Sues Valve over DOTA http://t.co/79gkeH7p6 hours 5 min ago
