
Chinese SSD offers mission impossible style self destruction - makethetick
http://www.theregister.co.uk/2012/05/21/runcore_self_destructing_ssd/
======
JonnieCache
I just wasted 5 minutes trying to find a link to post here. It was an article
where two hackers decided to actually try out all the various hard disk
destruction methods people postulate, with a view to making a remote self-
destruct mechanism. They posted lots of photos of different things they tried,
and an amusing write up of their escapades: they burned them with fire,
attacked them with acid, masonry drills, other chemicals, almost maiming
themselves and annihilating their garage a couple of times. If anyone could
dregde up the URL for me I'd be most appreciative.

~~~
humbert
The article is likely about the talk "And That's How I Lost My Eye: Exploring
Emergency Data Destruction" at DEFCON 19 [1]. A blog post [2] gives a quick
overview, and the 50 minute talk [3] is very entertaining. There's no
whitepaper, and I couldn't quickly find a more detailed article.

[1] [https://www.defcon.org/html/links/dc-
archives/dc-19-archive....](https://www.defcon.org/html/links/dc-
archives/dc-19-archive.html#Lawson)

[2] <http://www.sportsfirings.com/?p=4959>

[3] <http://www.youtube.com/watch?v=oXbq0BFzQQg>

~~~
JonnieCache
Thanks muchly. I think it was probably the video that I saw.

EDIT: yep, it was. You should all watch it, it is most diverting.

------
bobsy
I am wondering what the use case for this is.

I mean you want to destroy your computing equipment for 2 reasons.

1) Its end of life cycle. In this situation you have plenty of time to do what
you want.

2) The enemy is upon you. In this situation you are very short on time.

For situation 2 I would have thought burning or blowing up the computers would
be a better solution than trying to quickly unscrew the case. Find the cable.
Find the hole to plug the cable in. Press the button. Move onto next hard
drive / system.

For situation 1 I would have thought that destroying them another way would be
just as effective. You would also have the advantage of not having self
destructing hard drives in key systems which could malfunction / be exploited
/ triggered because someone pressed the red button to erase by mistake.

The only use case I can think of is hackers / pirates / terrorists. I could
see them running a computer which has the red button ready to go and taped to
the outside of the case to destroy evidence as soon as police try to kick down
your front door.

~~~
regomodo
"a better solution than trying to quickly unscrew the case. Find the cable."

A dedicated panel switch.

------
JoachimSchipper
I'm really surprised that they implement "destroy all data" by physically
overwriting the flash cells. This is commonly (e.g. iPhone) done by storing
all data encrypted with a randomly-chosen key and just throwing away the key
to "delete" it, which is a _much_ faster way to destroy a drive. And it's not
like Flash drives can function without a somewhat complicated controller
anyway...

EDIT: clarified in response to DanBlake (and hackermom, who has just been
hellbanned.)

~~~
DanBlake
Can you explain why adding a encryption routine is faster than just blind
overwriting the data with 0's?

Genuinely curious as it seems that would not make sense, if you overwrote it
with zeros in a comparable, logical manner.

~~~
JoachimSchipper
What JonnieCache and DanBC say: keep the data encrypted at all times, then you
can just overwrite the few bytes of the encryption key to render the data
unreadable. This has the additional advantage that you only need to really
securely erase a very small amount of storage (plus the controller's memory.)

(Editing my original post to make this more clear. Sorry.)

~~~
DanBlake
Oh, I thought you mean "as you push it" encryption.

When I was in the military, Encrypting data was not acceptable for disposal
though. They make you physically destroy it, which is why I imagine they do
things in this manner.

~~~
JoachimSchipper
Yes, physically destroying drives prevents problems ("oh that wasn't
encrypted?", "turns out it still had parts of unencrypted data on it from the
previous server it was installed in", "what do you mean 'encrypted according
to 1995 standards' (DES) is no longer secure?"). It's a good policy; but if
you offer both "destroy" and "erase", "my" crypto implementation of "erase"
has a lot to recommend it. (And there's no reason you can't follow it with a
good zero-everything.)

------
seivan
Hmmm, so you're using your hard drives in production and suddenly you add
another point on the list of "possible bad things that can happen".

What if this gets triggered when you don't want it to? You're just adding
another list of possible bad shit that can happen.

I rather wished it was not built into the device itself, but you connect it to
something else.

Just add another layer of stuff that can go wrong, and this one fries the disk
completely.

------
shimon_e
Being a Chinese solution I sort of wished they just attached some fireworks.
:(

------
tferris
I guess these buttons have to be installed in some way that they are easily
and quickly pressed in case of emergency before the enemy gets the equipment
(so w/o opening your notebook i.e.). But then every colleague running past my
desk can quickly trash my SSD. Probably a remote triggering the buttons via
software makes more sense.

------
atleta
What's the point of the green button (overwriting data with random garbage),
if you can have an encrypted drive, which means you have random garbage on it
all the time, lest you have the key. Well, maybe that's how it works (erasing
the encryption key), though in this case there is no point of doing it
remotely.

In this case the red button is not that important either. The only thing they
could be used is when you are tortured to give away the decryption key (or
passphrase) for the drive. By pressing the red button, you could convince the
bad guys, that they won't be able to read the data anyway. The green button
would not save your arse, since they may just think that you gave them the
wrong key.

~~~
VMG
The green button provides security even if your encryption key has been
compromised.

------
mmaunder
I think triggering an overwrite of all memory with random data by pressing a
short sequence of on-unit buttons would be more practical when you're
smuggling data through Jinnah international airport and the authorities seize
you.

------
demoo
This movie clip feels like it could be featured in a dystopian sci-fi movie in
which a big corporation has all the power. Just waiting for Deckard to walk by
a billboard and see this playing.

------
tferris
Why do I need the red button if the green button erases data sufficiently?

The red button is impressive but whats the benefit of trashing the SSD? Or
does the green button not erase data with 100% reliability?

~~~
klodolph
It's for organizations that have different standards.

For example, the DoD has a pretty strict standard w.r.t. erasing traditional
magnetic hard drives, even though `dd of=/dev/zero` should be good enough.
Attacks at that point are theoretical, but they want defenses against
theoretical attacks.

------
twp
Does this have an internal battery to ensure that the destruction is complete
even if the power source is removed? Otherwise there's an obvious weakness:
before raiding the house, cut the power: this will prevent the SSD user from
being able to destroy their data.

~~~
makethetick
I imagine if someone is serious enough to be using this, they'd be running a
UPS too.

------
Piskvorrr
"We have a batch of spontaneously self-destructing drives, now what?" "It's A
Feature!" ;)

No, seriously, this may be pretty useful, especially since the self-destruct
mechanism can be hooked up to something else.

------
jaems33
Smoke and close up damage seem fake.

~~~
sirclueless
Were you expecting more or less of a dramatic moment? I've fried robotic parts
before, and you really do get a small puff of acrid smoke. Things usually melt
and turn black in my experience instead of cracking, but then, I've never
zapped a big array of flash memory.

------
Devilboy
Wow! I'd have to buy a stack of these so I can demo it to my friends every now
and then.

