Are SSDs a Security Risk?



+ Add a Comment


The answer is of course no.

SSDs are not inhertently less secure than any other storage medium. For true security, you don't store or physically locate the keys to unencrypt encrypted data with the data itself. Encrypt your important files with a strong encryption algorithm, keep the keys separate, and you have nothing to worry about.



Unsoldering chips from my hard drive, is that really something I need to lose sleep worrying about? Look, as long as I can't download some malware that will cause screwdrivers to remove my hard drive and run a soldering iron I think I'll be ok.



This is like saying that mechanical disks are insecure because you can take out the platters. Use software encryption if you need secure SSD storage.



I must say the some other comments that were written regarding "oh now everyone knows" didn't get much thought.

 1.  Common knowledge on Nand flash chips by anyone who has taken a post secondary electronics course or knows anything about flash chips

2. By comparison then a car manufacturer like mazda should tell you that by smashing the door on certain years of Mazda 3's in the right spot will cause the car door to unlock.  Guess you'll find out when your car is missing.

3. Security risks should be well documented and announced to the public so that people can make an informed decision when they purchase something.  Otherwise who is going to know and what accountability would there be from a company to the publice.  IE: Car recalls.


P.S. guess I informed a bunch of car thieves about the Mazda thing....darn it.



now when there's a rash of mazda 3 car thefts, should we point the police to your comment?




This whole security thing is getting out of hand.  Pretty much everything these days has some flaw in it that is a security issue. If you are really that concerned, just throw away your computer and use a typewriter. 



But then the ribbon on the typewriter would be a security issue. Any body could read what had been writen on that



As long as your laptop or pc or whatever you're using it for isn't stolen then people have nothing to worry about since those 2 methods require the physical presence of the drive. Regular hard drives are just as vulnerable, by different methods, if you go by his way of thinking.


Keith E. Whisman

Oh that's good tell the world how to hack ssd's. Wow I did'nt know how to get by the security features thanks alot now everyone knows asshole.

Just because you know a secret does'nt mean that you should tell the world. Ever hear the term loose lips sink ships? That applies here. I'm sure some bad people already knew these things but now everyone knows and now greedy idiots that don't know what they are doing are going to try it.

I really wish that security flaws would not be completely explained. Just explain that there are some holes and they will be fixed. That's all anyone needs. Or even how to make up for the security holes until they are fixed. Don't tell the world just what the hole or exploit is. I hate that. I never understood why people do that. It's like people want it to get out so they can see how bad it'll get.

This is like the news media telling the world what our Army is going to do next in Iraq and Afghanistan. Sure the media are a bunch of traitors but the army leadership are idiots for telling the media. Loose lips sink ships you see.

So please don't completely explain exploits anymore. Please don't. It just fuels people that normally would'nt try anything to do something stupid.



I often agree with such a claim, especially in the media coverage of armies.  At the same time one can say to "know thy enemy" which would require knowing their tactics. Therefore the press giving away US Military moves is betrayal while MPC giving away enemy moves is not.

I think it's good to inform people that the risk is out there and give a non-detailed explanation as to how it is done (which MPC did). I also feel that very few people are going to read this article and all of a sudden decide that they want to steal encrypted information and they are going to start by researching this more. With that reasoning one could just state that there will be just as many people who go out and want to research how to prevent this type of an attack.

Plus, as stated, this requires having your hard drive physically stolen from you or allowing someone access to your hard drive with all your secret information.



I couldn't agree more! But this article envelopes the thought of your laptop or PC being physically stolen. If thats the case and they wanted your data that bad, they would find ways around the encryption anyways whether it's SSD's or HD's. But explaining it to everyone like this invites trouble.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.