Ovrdrive does not encrypt its contents by default but has a uniquely physical security mechanism and can be rigged to self-destruct - by heating itself to over 100 degrees C:
Through GitHub and Crowd Supply, Ryan Walker of Interrupt Labs (via CNX Software) is releasing a security-focused, open-source USB flash drive called Ovrdrive USB, which boasts a self-destruct mechanism that heats the flash chip to over 100 degrees Celsius.
The Ovrdrive USB is unencrypted by default, so it should still be legal in countries where encryption is otherwise illegal while providing an extra degree of (physical) security not matched by our current best flash drives.
First, the Ovrdrive USB design functions pretty simply. It's mostly a run-of-the-mill USB flash drive with a unique activation mechanism. For it to be detected by your machine, you have to rapidly insert the drive three consecutive times actually to turn it on. Failure to do so will hide the drive's partition and give the impression that it's broken. Initially, it was supposed to self-destruct, but it proved too challenging to mass produce, forcing Walker to change the drive.
[...] In its crowdfunding campaign on Crowd Supply, the flash drive is slated for an August 2024 release and priced at $69 with free US domestic shipping or $12 international shipping for the rest of the world. At the original time of writing, the flash drive has reached 70% of its funding, with two days remaining on the funding deadline.
Related: Report Reveals Decline In Quality Of USB Sticks And MicroSD Cards
Related Stories
https://www.theregister.com/2024/02/07/failed_usb_sticks/
The report, from German data recovery company CBL, concluded that NAND chips from reputable manufacturers such as Hynix, Sandisk, or Samsung that had failed quality control were being resold and repurposed. While still working, the chips' storage capacity is reduced.
"When we opened defective USB sticks last year, we found an alarming number of inferior memory chips with reduced capacity and the manufacturer's logo removed from the chip. Clearly discarded and unrecognizable microSD cards are also soldered onto a USB stick and managed with the external one on the USB stick board instead of the microSD's internal controller," explains Conrad Heinicke, Managing Director of CBL Datenrettung GmbH.
[...] Technological advancements have also affected these NAND chips, but not in a good way. The chips originally used single-level cell (SLC) memory cells that only stored one bit each, offering less data density but better performance and reliability. In order to increase the amount of storage the chips offered, manufacturers started moving to four bits per cell (QLC), decreasing the endurance and retention. Combined with the questionable components, it's why CBL warns that "You shouldn't rely too much on the reliability of flash memory."
[...] It's always wise to be careful when choosing your storage device and beware of offers that seem too good to be true. Back in 2022, a generic 30TB M.2 external SSD was available for about $18 on Walmart's website. It actually held two 512MB SD cards stuck to the board with hot glue – their firmware had been modified to report each one as 15 TB. There was also the case of fake Samsung SSDs with unbelievable slow speeds uncovered last year.
(Score: 4, Informative) by looorg on Wednesday February 14 2024, @09:12AM (12 children)
But does it play the Impossible Mission theme?
Right. That won't ever be a problem ... How fast is "rapid"? How long until it wears out or the solder joints break from all the rapid insert and removal? Cause if it's rapid you don't really align it very well I would gather.
So it's sort of a reverse killer-USB stick but instead of sending the load into the machine it tries to boil itself? That said "around 100 degrees Celsius" isn't really a lot, not even sure most modern chips will care. If you don't have proper cooling that isn't anything that a modern processor isn't already doing and they are not burning out left and right. How fast will it reach 100 degrees Celsius? It would probably have to be near instant for it to even matter. Other components on the board might fail before and then it all stops as you smell the magic smoke.
(Score: 4, Informative) by looorg on Wednesday February 14 2024, @09:14AM
Impossible Mission is the C64 game, the TV thing is Mission Impossible ... morning coffee ...
(Score: 0, Touché) by Anonymous Coward on Wednesday February 14 2024, @12:54PM
Fixed the platform's specific for you.
(Score: 3, Informative) by owl on Wednesday February 14 2024, @03:33PM (2 children)
For a standard USB-A port, there is no such thing as "rapid" insertion. Nienty-eight percent of insertions require three attempts. First attempt, does not insert. Flip 180 degrees. Second attempt, does not insert. Flip 180 degrees. Third attempt, it finally will insert into the port.
There is no way to go through the "three tries" required of the USB-A port design, and simultaneously make such insertions occur "rapidly".
(Score: 3, Funny) by tangomargarine on Wednesday February 14 2024, @05:55PM (1 child)
I've never understood you weirdos who keep making this claim over the years. Do you have a lot of trouble tying your own shoelaces, or walking and chewing gum at the same time, too?
Just look at the damn plug for one second before you plug it in. It's not rocket science.
Plus, with USB drives they usually have a clearly different "top" and "bottom", so you only need to figure out which is which once ever, unless you use multiple PCs and for some strange reason one of them has its USB ports mounted upside-down.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 4, Insightful) by owl on Wednesday February 14 2024, @07:14PM
We do, but unless we are also lucky enough to be plugging into a front size, visible USB-A port, the "Try three times" game will almost always occur. First try, on the not front-side, not directly visible, port, with the correct orientation will flatly refuse to go in. Flip, it won't go in again (now because it is actually backwards). Flip again (back to the correct orientation) and it will now, mysteriously go in, even though it refused the first time with the same orientation.
The reason is that neither of the plug nor port have camfers on the edges to provide automatic "self-alignment" for a sightly mis-aligned aim. So if one's aim is not "perfect" into the not visible port, the plug simply won't go in.
(Score: 3, Interesting) by mcgrew on Wednesday February 14 2024, @03:54PM (6 children)
100 degrees Celsius boils water. Heat is the number one enemy of semiconductors. Try taking the battery out of your phone and dropping the phone in a pot of boiling water, taking it out with tongs, and thoroughly drying it over a few days.
I really doubt that after putting the battery back in it will work any more.
"Nobody knows everything about anything." — Dr Jerry Morton, Journey to Madness
(Score: 5, Interesting) by owl on Wednesday February 14 2024, @04:21PM (4 children)
Most semiconductors are specified to operate from 70 to 100 degrees C (note, that is operate). Higher grade semiconductors are specified to operate over 100 degrees C.
Lead free solder melt temps begin at 232 degrees C and go up to 250 degrees C. And in the data sheets you'll find specifications for soldering of "X temp for Y time" where the semiconductor (not operating) will tolerate the heat that results from the soldering process (and these temps are substantially higher than 100 degrees C).
If your hypothetical phone quit after this hypothetical boiling water bath, it will not be because 100 degrees C was hotter than the semiconductors could handle, but for some other reason involving water infiltration and damage.
For destruction of a flash memory chip, the heat tolerance of the semiconductor memory chip is the critical component. Boiling water temp hardly seems hot enough to actually damage the chip, so there must be some other method being used, and the marketing dept. got some wires crossed when they wrote "100 degrees C" for the heat level.
(Score: 3, Insightful) by deimtee on Wednesday February 14 2024, @09:36PM (1 child)
TFA is not clear though, is it physically destroying the chip, or is 100C enough to wipe the data on it?
If you cough while drinking cheap red wine it really cleans out your sinuses.
(Score: 2) by owl on Thursday February 15 2024, @10:30PM
A valid point. And while we don't know what brand of flash memory is in this device, here's a data sheet [amazon.com]" for a Micro flash chip. It was simply the first hit from a search for "flash memory chip data sheet".
One has to scroll all the way to pdf page 38 to find the temp ratings, but table 11 says the storage temperature range is -65 °C to +150 °C.
Table 12 (same page) lists the recommended operating conditions and the widest temp range is the "extended" version, specified to operate from -40 °C to +85 °C. Even the "commercial" version has a respectable +70 °C top end recommended.
Given a recommended max of +70 °C or +85 °C (depending on variant) and a storage value of +150 °C, it seems hard to swallow that a measly 100 °C will destroy the chip. Certainly this Micron chip in this datasheet should survive at 100 °C in storage, and would likely operate at 100 °C as well (it is just not guaranteed to actually operate at that temp).
So unless this company has sourced special flash chips that become very leaky at 100 °C (which would make them quite specialized, and expensive) the 100 °C value has the smell of a number the reporter writing the story pulled out of their ass.
And given the fact that so many reporters create "wet streets cause rain [epsilontheory.com]" writeups in their reporting on just about everything, we have to assign a fair probability that this 100 °C is just something conjured out of thin air by the reporter.
(Score: 2) by driverless on Thursday February 15 2024, @02:58AM (1 child)
Yup, 100 degrees won't really do much. A bigger concern though is that this sounds like some sort of pyrotechinc mechanism, which means if he tries to sell it or, worse, ship it, he's going to get a call or visit from some no-nonsense gentlemen who'll inform him about how many laws he'd be breaking by doing so.
OTOH if it's just a nichrome wire or equivalent then I can't see how it's going to be powered, or why anyone would wait around for it to heat the chip up a bit.
Unless there's a lot of detail being missed, this sounds like a gimmick someone thought up after a few beers. The German word schnapsidee [dw.com] springs to mind.
(Score: 2) by driverless on Thursday February 15 2024, @03:01AM
Hit reply too soon, "the mechanism reverses the voltage supplied to the device to around 100 degrees Celsius". Ah, of course, it reverses the polarity of the neutron flow to generate heat.
(Score: 2) by looorg on Wednesday February 14 2024, @04:59PM
Yes that is correct. But it would be some serious flash boiling required, it's not that you go from room temperature to 100C instantly. Over long periods of time operating at 100C is not going to be very good, but here it seems like it's going to go more or less instantly and by that just wreck the circuit or memory chips. In this case it's a specific chip to that needs to get boiled. I'm not sure it's going to work, but I guess he must have figured something out since he is trying to sell people on a crowdfunding effort for it.
(Score: 5, Interesting) by Rosco P. Coltrane on Wednesday February 14 2024, @11:33AM (3 children)
Sometime in the late 80's, I made a 4MB SCSI ramdisk for my Atari ST. Yes, that was a real external disk, with a real SCSI controller, but the disk was actual RAM. It kept its content from the mains power, and if that failed, it could ride out the power cut with a small gel lead-acid battery for a couple of days.
But here's the kicker: all 4 rubber feet had a microswidth underneath. Lift the drive off the table, and *poof* went the content.
I never used it for anything but it was a fun project. The truth is, it was entirely too easy to knock the device off the table and lose all the data. But for the truly paranoid and the hypothetical person who had data they truly risked big being found in possession of, you couldn't beat it.
(Score: 2) by Tork on Wednesday February 14 2024, @08:13PM (2 children)
Was that an anti-law enforcement feature?!
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by Rosco P. Coltrane on Wednesday February 14 2024, @08:21PM (1 child)
Pretty much.
(Score: 2) by Tork on Wednesday February 14 2024, @08:27PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 4, Interesting) by Mojibake Tengu on Wednesday February 14 2024, @12:15PM
I don't know how you guys do critical servers today, but what I remember here 25 years ago, there were strict state regulations about servers rigged with mandatory thermite charges placed directly on disks as a requirement for Certificate Authority accreditation, one secured server per a locked-down flame-room.
This USB drive is a toy.
Rust programming language offends both my Intelligence and my Spirit.
(Score: 5, Touché) by Nuke on Wednesday February 14 2024, @01:13PM (2 children)
Uncrackable, as long as the secret never gets out on the internet that it requires three insertions to switch it on. And what could possibly go wrong with burning the thing out on your desk? - oh, I get it, that would be the bad guy's desk of course. Why not just put some serious explosive in there to take their hand off while we are at it?
(Score: 2) by looorg on Wednesday February 14 2024, @01:25PM
Right. Cause it won't look suspicious at all if you are sitting there jabbing your USB stick into the machine like as if you are trying to impregnate it. Subtle. One would think people that "needs" this are, or fear that they are, under surveillance.
If you put a small Termite charge or something similar onto it I guess they might not be able to sell it, you can't bring it on travels etc. Sitting in some public area (train, airplane ...) and you take a few seconds to long and you just jab it in twice and then it all just goes boom.
(Score: 3, Informative) by number11 on Wednesday February 14 2024, @05:23PM
The original article says:
So this is a "some assembly required" thing.
(Score: 4, Touché) by Snotnose on Wednesday February 14 2024, @01:56PM
Can't wait for the tittok vids showing how to "fix" a "broken" USB by popping it in and out a few times. I'm sure some prankster will blow on the connector first.
Bad decisions, great stories
(Score: 4, Funny) by mcgrew on Wednesday February 14 2024, @03:48PM (1 child)
There was a very similar thread on slashdot about exploding semiconductors, most likely for use in top secret military aircraft. This is from the Springfield Fragfest at the time, from the book Random Scribblings:
"Nobody knows everything about anything." — Dr Jerry Morton, Journey to Madness
(Score: 3, Interesting) by cereal_burpist on Thursday February 15 2024, @10:40AM
https://www.theregister.com/2000/07/04/hackers_can_make_your_pc/ [theregister.com]