Skip to content
DevMeme
5414 of 7435
How to Securely Not Destroy Data on an SSD
Hardware Post #5934, on Mar 13, 2024 in TG

How to Securely Not Destroy Data on an SSD

Description

A screenshot of a Mastodon post from the account 'nixCraft'. The post's text humorously describes a data destruction process: 'Compliance is the root of all evil. So, you want to destroy the SSD? Drill all SSDs. Destroyed finally. All data is safe. Let's go home.' Below this text, a series of three images reveals the punchline. The first image shows a 2.5-inch Micron SSD with a clean hole drilled directly through its center. The second image shows the same type of SSD with its case opened, revealing that the drilled hole passed through an empty section of the enclosure, completely missing the green printed circuit board (PCB) where the actual data-storing NAND flash chips reside. The final image displays a pile of similarly 'destroyed' SSDs, all with holes in the same ineffective location. The technical joke is that this physical destruction method is completely useless, as the core storage components are untouched and the data remains fully recoverable. It's a classic example of someone following a procedure without understanding the underlying hardware, perfectly illustrating the concept of 'compliance theater' for a technical audience

Comments

48
Anonymous ★ Top Pick This must be that new 'air-gapped storage' I've heard about. The data is perfectly safe, insulated from the drill bit by a pocket of incompetence
  1. Anonymous ★ Top Pick

    This must be that new 'air-gapped storage' I've heard about. The data is perfectly safe, insulated from the drill bit by a pocket of incompetence

  2. Anonymous

    Compliance said “physical destruction trumps crypto-erase,” so Ops swapped a 2 ms key wipe for a 2-inch drill bit - auditor happy, NAND intact, and we’ve basically reinvented write-hole amplification

  3. Anonymous

    After 20 years in the industry, I've learned that drilling SSDs for compliance is like using a sledgehammer on a Rubik's cube - sure, it looks destroyed, but somewhere a forensic analyst with an electron microscope and too much coffee is already planning their conference talk on 'Recovering Data from Mechanically Damaged NAND Flash: A Case Study in Why Your Compliance Officer Should Have Called Engineering First'

  4. Anonymous

    Ah yes, the classic enterprise approach to data security: when your compliance officer discovers that 'secure erase' is just a TRIM command and decides the only trustworthy cryptographic algorithm is a 3/8" drill bit running at 2000 RPM. Because nothing says 'we take GDPR seriously' quite like turning your self-encrypting drives into Swiss cheese - ironically making the hardware-level AES-256 encryption completely moot. At least now you can confidently tell auditors that your data retention policy is 'physically impossible to violate.'

  5. Anonymous

    ATA Secure Erase? Compliance says 'cute,' grabs the drill for that enterprise-grade ventilation

  6. Anonymous

    Compliance asked us to destroy the SSDs, so we drilled the one spot with no NAND. Audit passed, electrons unchanged - security theater so good the FTL didn’t even remap

  7. Anonymous

    Opal SEDs can PSID‑revert in seconds, but the policy said “one hole per drive” - the security equivalent of 100% test coverage on mocks

  8. Deleted Account 2y

    Explain pls

    1. @gen1321 2y

      ssd's are not harddrives, they are pretty small and might not be in a place where you drill a hole

    2. @disembowlement 2y

      to destroy hdd u just drilling disk, but with ssd - it's not that simple

  9. @boyarishnik_sama 2y

    Question is, how did they miss the fact that they've only drilled through thin metal?

    1. @gen1321 2y

      cuz why would he give a fuck

      1. @boyarishnik_sama 2y

        Fair

    2. @claudio_tg 2y

      That's the joke.

  10. @disembowlement 2y

    But it can destroy metadata which points to clusters

  11. @LainIwakura84 2y

    Lol, that's literaly my SSD.

    1. @boyarishnik_sama 2y

      I'd bet that most SATA SSDs are like that

      1. @LainIwakura84 2y

        It was 256 gb ssd from old and cheap laptop.

        1. @boyarishnik_sama 2y

          Makes sense. But really, it kinda is a shame that a lot (if not all, really) of SATA SSDs just have a lot of empty unused space

          1. @SamsonovAnton 2y

            Even more shameful is that those drives lack proper cooling and overheat quickly, throttling themselves to near-zero speeds.

            1. @boyarishnik_sama 2y

              yeah, that kind of design does not accommodate the potential thermal issues, all the more reasons to not use SATA SSDs

              1. @SamsonovAnton 2y

                ... or use properly designed 2.5" SATA SSDs — with internal heat spreaders.

                1. @boyarishnik_sama 2y

                  or that, yeah

    2. @callofvoid0 2y

      safety by redundancy

    3. @andronkolaider 2y

      I can't pick words to describe how much I hate that empty space on top

      1. @sylfn 2y

        why

        1. @andronkolaider 2y

          waste of materials

  12. @flex_ape 2y

    Just put it in the microwave lol

  13. @disembowlement 2y

    It's mean that I must use a powerful magnet to make it unreadable?

  14. @boyarishnik_sama 2y

    Like packaging from 80s-90s, lots of landfill for a tiny nugget

    1. @AmindaEU 2y

      I am reminded of SIM cards

      1. @boyarishnik_sama 2y

        True, shitload of plastic for (currently) nano SIM

  15. @beton_kruglosu_totchno 2y

    ATA Secure Erase? No, we do not do that.

  16. @CcxCZ 2y

    Encrypt All The Sensitive Data

  17. @ilmart 2y

    The drives are OPAL 2.0 compatible

  18. @CcxCZ 2y

    "All" tends to be difficult. You need something to boot from etc. What I do though is to keep encryption keys / LUKS header on different device than the data. So one is useless without the other.

  19. @CcxCZ 2y

    No, but it definitely raises the bar significantly. Like a lab with expensive SEM and many days of tedious work significantly.

  20. @CcxCZ 2y

    So is your ESP / MBR encrypted? Have you flashed coreboot with built-in decryption keys to your mainboard? How do you protect those? :-]

  21. @neopulsar 2y

    actually there is enterprise disk shredder https://www.youtube.com/watch?v=4dR5lbF5-wo&t=239s

  22. Deleted Account 2y

    Serious question: DoD erasing is effective on SSD disks?

    1. @CcxCZ 2y

      Since disks started doing bad block relocation (which is crucial for SSDs) you have no guarantee from any software erase that it can go through all the relevant blocks. Hence, encrypt stuff first before it hits the disk. Even if you didn't password protect it the specific block holding the master key would have to be preserved for any other data there to be of use. And you have much better chance of securely erasing 256 bits of a key information than 1TB which all may or may not be sensitive.

    2. @karanokyoukai 2y

      Actually there is no kind of soft method to absolutely entirely erase data on ssd and hdd.

      1. @SamsonovAnton 2y

        No need to actually erase the data if you can just drop the encryption key. Self-encrypting drives with "Instant Secure Erase" function do just that.

  23. @karanokyoukai 2y

    Break the fragile silicon chip into fragment is much safer.

  24. @sylfn 2y

    oh— @purplesyringa

  25. @affirvega 2y

    @RiedleroD

  26. @ZgGPuo8dZef58K6hxxGVj3Z2 2y

    Imagine using int data type for a transaction and using a separate bool to set its negativity which is called “isNew”

    1. @ZgGPuo8dZef58K6hxxGVj3Z2 2y

      Week ruined

Use J and K for navigation