Data Storage Encryption Security Hardware IT

Self-Wiping Hard Drives From Toshiba (268 comments)

Orome1 writes "Toshiba announced a family of self-encrypting hard disk drives engineered to automatically invalidate protected data when connected to an unknown host. Data invalidation attributes can be set for multiple data ranges, enabling targeted data in the drive to be rendered indecipherable by command, on power cycle, or on host authentication error."
  • by The MAZZTer ( 911996 ) <megazztNO@SPAMgmail.com> on Wednesday April 13, 2011 @12:19PM (#35809882) Homepage
    ...is going to love these.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I guarantee there is a backdoor or master key that will allow law enforcement to access the drive.

      • I guarantee there is a backdoor or master key that will allow law enforcement to access the drive.

        The difference between "law enforcement" and the NSA is several orders of magnitude when it comes to "backdoor" anything.

        My point here is the only "backdoor" keys (IF there really are any) are going to be closely held secrets within certain agencies, not for any person with a badge to have access to. Otherwise, you would leave no room for the lawyers to generate "revenue" bitching back and forth about encrypted data and user rights.

        • Except the more people that have access to something like that, the more likely it is to get loose. On top of that, it appears as though cell phones have a backdoor key as well. This was determined by a university group that tried to crack the encryption, and the way and speed it broke led them to conclude that there is a common key to all of them. They assumed it was instituted by 'law enforcement' to make it easy for them to crack the phones. After all, if you already have half the key, it becomes many o
      • by Lumpy ( 12016 )

        Which makes truecrypt your friend. Can't backdoor that one....

        well they can have big bubba in cellblock 5 backdoor the key out of you.

        • You only use truecrypt? I use 7zip to compress and encrypt it, store that in a truecrypt volume, then compress and encrypt THAT before moving it to another truecrypt volume. Sure it takes some time to access files and it involves remembering four complex passwords, but goddamit I'm secure! ....STOP STARING AT MY TINFOIL HAT!
    • by arcctgx ( 607542 ) on Wednesday April 13, 2011 @12:26PM (#35810008)

      Confiscate the computer with a self-encrypting HDD. Boot a live CD, image the HDD. Analyse the image.

      Or am I missing the point?

      • There are very strict rules of evidence that require you to PROVE that you didn't tamper with data. Mounting a disk read/write certainly violates those rules. Attaching the disk to a computer that CAN mount the disk read/write (as opposed to using a hardware write blocker) probably violates them.

        • Even if the system sees the disk as read-only, the drive itself can do whatever it wants as long as it's powered.
        • by mlts ( 1038732 )

          That is true, as a forensics professional. Strict rules of police work apply in the business, and they make sense. For example, if someone does not use a hardware write blocker to copy the drive to an image, then performs study only on that image, the case is pretty much screwed up.

          However, where the rubber meets the road is in front of a jury of people who likely have little clue, nor really care about official P&P. They have zero interest that a forensics officer failed to use a hardware write bloc

          • However, where the rubber meets the road is in front of a jury of people who likely have little clue, nor really care about official P&P.

            My understanding is that a jury will never see evidence that was obtained through improper procedures. When the system functions as intended, the judge would bar improperly-obtained evidence from being presented at trial.

        • Mounting a disk read/write certainly violates those rules.

          If they cared about "rules" we wouldn't be worried about protecting our data from them.

          The only kind of "self-destruct" apparatus I would trust is the one I apply myself. Anything that might have keys that are escrowed is useless when it comes to peace of mind.

      • The HDD wipes the moment you turn the power on and it finds something different with your system's configuration. There won't be an opportunity to image it.

        Of course, since this is done in hardware, I wouldn't be surprised if law enforcement has a skeleton key.

      • Confiscate the computer with a self-encrypting HDD. Boot a live CD, image the HDD. Analyse the image.

        Or am I missing the point?

        Uh, analyze what exactly? A 250GB encrypted "file"? Hardware encryption should live well below what any LiveCD or cloning software is capable of viewing, otherwise, there would be no point in selling this as a viable product if it were THAT easy to circumvent.

    • by Hatta ( 162192 )

      Law Enforcement is going to have a master key. They ARE going to love these.

    • I see Toshiba HDD controllers in the near future that circumvent the protection handed over to law enforcement, and 1-2 days after the release, some hacker is going to find a way to bypass the circuitry/firmware and/or force it to wipe on circumventing hardware.
      • by mlts ( 1038732 ) *

        I more likely will see a hacker, or perhaps an employee selling the ability on the black market.

        This would be a nice bonus for thieves and industrial/national espionage professionals. While someone is staying and enjoying the Elbonian hospitality, their intel agents can pull the HDD out of the laptop, attach a specialized controller that has this protection disabled, dump the data, and then slide it back in, and nobody would notice.

        I'm less worried about LEOs getting access to data than thieves. The marke

    • by Jawnn ( 445279 )
      As has been observed already, "the authorities" will almost certainly be given a "master key", so the question is, why would anyone who fears having the authorities see what is on their hard drive depend on this technology? Next question: Why would anyone who really cares about security use a device for which there is a known back door?

      The illusion of security is arguably worse than no security at all.
  • ...could possibly go wrong?

    • Re:What... (Score:5, Insightful)

      by 0racle ( 667029 ) on Wednesday April 13, 2011 @12:23PM (#35809946)
      Nothing at all, except a motherboard failure now means you lost all your data.
      • Re: (Score:3, Funny)

        by gsslay ( 807818 )

        No you haven't. Your data is still there. Just don't be doing anything foolish like trying to access it.

        • Re: (Score:3, Funny)

          by Anonymous Coward

          Finally, Write-Only Memory becomes mainstream.

          • by lgw ( 121541 )

            Ahh, now my designs to mount a specialized file system under dev/null will finally pay off!

    • by pmsr ( 560617 )

      As someone who recently saw a big RAID array failing spectacularly and taking data with it because of a firmware bug on the disks themselves, I can say that nothing will go wrong. This has success written all over it.

      • You had multiple disk corruption due to a common firmware bug on the drives themselves? That seems like it's going to be pretty damn rare.

        Now if you had a single drive failure and it took out your striped, non-redundant array, then that's not really a big shocker is it?

        • Re:What... (Score:5, Informative)

          by vlm ( 69642 ) on Wednesday April 13, 2011 @12:49PM (#35810280)

          You had multiple disk corruption due to a common firmware bug on the drives themselves? That seems like it's going to be pretty damn rare.

          Happens all the time because most RAID builders buy all their drives in one order from the same vendor. Heck they probably have sequential serial numbers. If there is a bug, they're going to totally lose that array because it'll hit all the drives.

          Let me guess, about a year ago or a bit more, he bought a set of Maxtor 541DX, Fireball 3, or DiamondMax Plus 8, the defect lists slowly started filling up, one drive finally failed outright, then during the restore/rebuild process multiple drives also failed because their defect lists filled up during the restoration, then the drive firmware literally crashed on the next boot leaving you with nothing at all but a set of paperweights that don't even show up in the BIOS list? Mmmm, just guessing?

          Always better off buying RAID drives from different vendors at different times, if you can.

          • Heck they probably have sequential serial numbers.

            I learned that the hard way. But happily I also learned that I was as emotionally attached to my data as I thought I was.

            • I learned that the hard way. But happily I also learned that I was as emotionally attached to my data as I thought I was.

              A useful reminder that, despite what many hope, there's no B for Backup in RAID.

              • I learned that the hard way. But happily I also learned that I was as emotionally attached to my data as I thought I was.

                A useful reminder that, despite what many hope, there's no B for Backup in RAID.

                You would be looking for a RABID setup? Try selling that.

          • This is quite right. I read about the following scenario which did not involve a bug of any kind but simple hardware failure. Experienced IT guy sets up a 3 disk RAID array at home. Drive 1 fails. No problem. He's got replacement drives and the array can work with 2 drives. While drive 1 is replaced and rebuilding, drive 2 fails. The array is toast. All data is lost. Drives 1 and 2 were by the same manufacturer and purchased at the same time. The only thing that saved him was that he had backed up
    • Don't worry, the 'on command' wipe has a pop up window that asks "are you sure you want to wipe the drive? [(OK)]"

  • Enhanced Harddrive (Score:2, Interesting)

    by Anonymous Coward

    This one is way cooler.

    It actually releases acid into the hard-drive platters:

    http://www.deadondemand.com/products/enhancedhdd

    If they've implemented this properly then you could send a remote command wirelessly that would wipe the hard-drive.

    I'm pretty sure this is a forensic investigator's nightmare...

    • I suppose dd if=/dev/zero of=/dev/sda does take quite a while on larger drives...

      • I suppose dd if=/dev/zero of=/dev/sda does take quite a while on larger drives...

        It does, but "throw a bunch of acid on the platters" seems like a bit of a weird, mad scientist solution to a trivial-to-solve problem.

        Encrypt your entire 3TB hard drive with a 2,048-bit key. When the bad guys come a-knockin', don't zero out the 3TB of data. Zero out the 2,048 bit key, which takes just a few ms. Now instead of 3TB of useful data, you'll have 3TB of pseudorandom garbage.

    • by gweihir ( 88907 )

      This is either a joke or a scam. What they claim cannot be implemented for any reasonable amount of money.

  • Microsoft developed fool-proof methods to trash entire hard drives long ago...
  • a nightmare (Score:5, Insightful)

    by Lord Ender ( 156273 ) on Wednesday April 13, 2011 @12:28PM (#35810040) Homepage

    I can only imagine how many IT support types will accidentally wipe these things. How sad and hilarious this will be!

  • by jandrese ( 485 ) <kensama@vt.edu> on Wednesday April 13, 2011 @12:29PM (#35810050) Homepage Journal
    Nothing like having a ticking time bomb built right into your hardware. The first time some cosmic ray flips some bit that the drive queries to determine which host it's attached to you lose all of your data. Nice. Hope you remembered your backups.
    • The first time some cosmic ray flips some bit that the drive queries to determine which host it's attached to you lose all of your data.

      Based on nosediving industry quality trends, I'd say that the odds of that particular error mode happening are minuscule compared to those of a garden variety click-of-death losing all your data.

    • Yeah, everybody who is using these drives will have a copy of their data elsewhere. So the odds to weigh, for a laptop, are unrecoverable cosmic-ray-induced errors vs. a salesman losing his laptop when he gets drunk at the airport bar.

      Have you ever worked with salesmen?

  • by kevinmenzel ( 1403457 ) <kevinmenzel.gmail@com> on Wednesday April 13, 2011 @12:29PM (#35810064)
    For storage in devices like printers, etc., where there might be a large amount of storage to facilitate print queuing, etc., I can see how something like this could be useful. For instance, one of the options on these devices is to self-wipe on power cycle. For companies worried about security, this might be worthwhile in their printers, where the storage itself might be for the purpose of convenience, but they would rather be safe than sorry, and data destruction is of ultimately no consequence because the source for that data is found elsewhere. That way, they can dispose of their printers in relative peace of mind, because if someone powers on the printer to see what it has on it, then poof, no more data. Or even do the "unknown host" thing, and then all you have to do is make it clear to IT that you don't want the valid host (the printer) to survive the disposal process, so if they want to play with some baseball bats in a field to the point of smashing the drive controller... then that's fine with corporate.
    • Re: (Score:3, Funny)

      Nerds with baseball bats in a field... what could possibly go wrong?
      • by sconeu ( 64226 )

        Well, your Superman III ATM virus could have an error in a decimal location, and give you $300000 almost immediately...

    • Probably also another layer of security for companies with laptops. As long as a corporate server backup is kept of the data then having the disk dump the data is generally not a problem. Just slap in a new one and pull it down again from the server, except this has added security of only allowing the disk to work in the machine it's in. Now all you need is a small remote to destroy some critical motherboard part and you're good to go. Okay that bit is an extra...
    • by mlts ( 1038732 ) *

      It would be nice if printer companies would do something fairly simple:

      When saving a file to be printed, AES256 encrypt the file with a random key (from a secure RNG), then store the key in RAM. If the file is to be stored for more than just a print job, have a small area of easily zeroed out, battery backed up storage for this.

      When the file is finished, zero out the key from RAM, and unlink() the disk file. Since the file is not recoverable once the key in RAM is destroyed, there wouldn't be a real need

  • Old News (Score:5, Funny)

    by rlp ( 11898 ) on Wednesday April 13, 2011 @12:35PM (#35810122)

    Self wiping drives - I had a few of those YEARS ago. They had the added feature that when they were erasing themselves, they alerted the user via a loud screeching sound.

  • Is Hitachi going to sue over infringement of their own self wiping tech included in the Deskstar series? It had the added benefit of wiping it randomly so even you could snoop on your data, though.
  • More info (Score:5, Interesting)

    by vlm ( 69642 ) on Wednesday April 13, 2011 @12:38PM (#35810168)

    What a ... blog. Yeah. Just go to toshiba.com and read the press release from the source, instead of the cut and pasted partial version at the ... blog:

    http://sdd.toshiba.com/techdocs/MKxx61GSYG_release.pdf [toshiba.com]

    They claim it uses AES256.. How do you know it's not some kind of simple XOR? Probably their exotic "crypto erasure scheme" which they don't discuss is simply deleting the AES256 key. Where would you store the key? How about in the partition table? How long until there's a patch to linux fdisk to read the key, or at least not overwrite it when partitioning, and then how long until someone uses a loopback crypto file system support until linux to read a drive assuming you previously know the AES256 key?

    Also, those drives are small. The last time I bought a 160 GB drive was in the mid 00s. Wouldn't it be hilarious if the low capacity was because everything is stored twice, once "encrypted" for the (l)user and once unencrypted for government special access "only"?

    This is just all speculation on top of speculation, yet it all seems strangely likely.
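    Crypto-erase, as the reply above ("zero out the 2,048 bit key" instead of the 3TB) and the earlier printer-spool suggestion (per-job random key kept only in RAM, zeroed and the file unlinked when the job finishes) both describe, and as vlm guesses Toshiba's "crypto erasure scheme" amounts to, modelled in Python. This is an added example, not Toshiba's firmware and not code from anyone in the thread: the SHA-256 counter-mode keystream stands in for AES-256 because the standard library has no AES, and the class, function names, 64 KiB "volume" and sample print job are constructed.

```python
import hashlib
import os
import secrets
import tempfile

KEYSTREAM_BLOCK = 32  # SHA-256 digest size


def keystream_cipher(key: bytes, data: bytes) -> bytes:
    """Symmetric XOR with a SHA-256 counter-mode keystream.

    Stand-in for AES-256 (assumption: stdlib only, no AES available). Like any
    stream cipher it is unauthenticated and a key must never be reused, which is
    why every job and every volume below gets a fresh random key.
    """
    out = bytearray()
    for offset in range(0, len(data), KEYSTREAM_BLOCK):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + KEYSTREAM_BLOCK], block))
    return bytes(out)


def zeroize(buf: bytearray) -> None:
    """Overwrite key material in place; this is the whole 'erase' of crypto-erase."""
    for i in range(len(buf)):
        buf[i] = 0


def crypto_erase_demo(volume_bytes: int = 64 * 1024) -> dict:
    """Encrypt a constructed 'volume', destroy only the key, and report what is left.

    Returns how many bytes had to be overwritten versus the size of the volume.
    """
    plaintext = bytes(range(256)) * (volume_bytes // 256)   # constructed drive contents
    key = bytearray(secrets.token_bytes(32))                 # 256-bit data key, RAM only
    ciphertext = keystream_cipher(bytes(key), plaintext)
    readable_before = keystream_cipher(bytes(key), ciphertext) == plaintext
    zeroize(key)                                             # 32 bytes overwritten, not the volume
    readable_after = keystream_cipher(bytes(key), ciphertext) == plaintext
    return {
        "readable_before": readable_before,
        "readable_after": readable_after,
        "bytes_overwritten": len(key),
        "volume_bytes": len(ciphertext),
    }


class EncryptedSpoolFile:
    """Print-spool model: the on-disk file is ciphertext under a per-job key held only in RAM."""

    def __init__(self, directory: str, job_id: str, document: bytes) -> None:
        self.key = bytearray(secrets.token_bytes(32))         # from the OS CSPRNG
        self.path = os.path.join(directory, f"job-{job_id}.spool")
        with open(self.path, "wb") as fh:
            fh.write(keystream_cipher(bytes(self.key), document))

    def read(self) -> bytes:
        with open(self.path, "rb") as fh:
            return keystream_cipher(bytes(self.key), fh.read())

    def finish(self) -> None:
        """Job done: zero the key, then unlink. The file is unreadable from the first step on."""
        zeroize(self.key)
        os.unlink(self.path)


def spool_roundtrip(document: bytes = b"constructed print job") -> dict:
    """Spool a constructed document, read it back, finish the job, and report the state."""
    with tempfile.TemporaryDirectory() as tmp:
        job = EncryptedSpoolFile(tmp, "0001", document)
        with open(job.path, "rb") as fh:
            on_disk = fh.read()
        recovered = job.read()
        job.finish()
        return {
            "on_disk_is_plaintext": on_disk == document,
            "recovered": recovered,
            "key_zeroed": not any(job.key),
            "file_removed": not os.path.exists(job.path),
        }


if __name__ == "__main__":
    print(crypto_erase_demo())
    print(spool_roundtrip())
```

    The point the numbers make is the one the reply makes: the erase touches 32 bytes whatever the volume size, and afterwards the ciphertext is only recoverable by whoever still holds a copy of the key. That is also the whole weakness vlm is poking at: a crypto-erase is exactly as strong as the secrecy of the key's storage location, so where the key lives (RAM, a derived secret, an escrowed copy) decides everything.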

    • by afidel ( 530433 )
      Why not store the key in a small sector of nvram on the control board, that's what the iPhone 4 and iPad do with their crypto key. As to the size, it's a laptop drive so that's fairly typical for an entry level drive, the top end is 640GB also fairly typical for current generation laptop drives.
      • by vlm ( 69642 )

        Why not store the key in a small sector of nvram on the control board, that's what the iPhone 4 and iPad do with their crypto key.

        No can do. Haven't met a SMD component yet that I can't desolder and I just do electronics as a hobby. Before people complain you can't do that with a $5 rat shack iron, the more money you spend at hakko.com the easier this is to do. I suppose if someone ever builds a nvram or flash in a BGA package or does some crazy bare die thing, it might cost as much as a new car, but I could theoretically do it. Pop that flash chip into an off the shelf reader and shazam you got the AES256 key.

        Then source an ident

        • by afidel ( 530433 )
          You embed it into the same die as the controller and do standard anti-tampering on the package. It's not like this is a new area for chip manufacturers, they've been doing secure tamperproof designs for a long time for governments and companies like RIM.
        • by Spykk ( 823586 )
          Why are you assuming the key is stored in the clear? It would make more sense to encrypt the key with a passphrase chosen by the user and prompt for it at startup.
    • ...Also, those drives are small. The last time I bought a 160 GB drive was in the mid 00s.

      When the average corporate (or even home) user can barely fill a 160GB hard drive in the useful life of the computer, I'm struggling to see the justification for terabyte drives in desktops and laptops.

      Sure, there are power geeks out there hungry for 2TB sitting in a laptop, but the only use I've found so far in buying drives THAT big is to watch someone lose a metric fuckton of data when the 2TB hard drive fails, vs. just losing a shitload of data when the 250GB hard drive fails.

      Giving a user a bigger bask

    • Well, if they're doing it right, the key material is split between the drive and the host. The host and the drive have to perform a key exchange to end up with a shared secret, which is used by the drive to encrypt data. If plugged into an unknown host, or if the drive is programmed to generate a key in RAM at power-on and never save it anywhere, there's no key to recover.

      Rampant speculation and paranoia is just insulting. The low capacity is probably because this is a drive designed to have extremely high
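    A model of the split-key arrangement this comment describes, with the three invalidation triggers the story summary lists (by command, on power cycle, on host authentication error). This is an added example, not Toshiba's protocol and not code from the thread: the host hands its share over directly instead of running a real key exchange, and the HMAC-SHA256 derivation, the one-strike policy on authentication failure and the class and method names are assumptions.

```python
import hashlib
import hmac
import secrets


class DriveInvalidated(Exception):
    """Raised once the drive has destroyed its key share; the data is gone for everyone."""


class SelfEncryptingDrive:
    """Toy model of a drive whose data key is derived from a drive share and a host share.

    The drive persists only its own share and a verifier; the data encryption key
    (DEK) exists only in RAM after a successful unlock, so neither the drive alone
    nor the host alone can reconstruct it.
    """

    def __init__(self, host_share: bytes, wipe_on_power_cycle: bool = False) -> None:
        self.drive_share = bytearray(secrets.token_bytes(32))   # persisted on the drive
        self.wipe_on_power_cycle = wipe_on_power_cycle
        self.dek = None                                           # RAM only
        self.invalidated = False
        # A hash of the DEK lets the drive recognise the right host without storing
        # the host share; the DEK is 256 random bits, so the hash reveals nothing.
        self.verifier = hashlib.sha256(self._derive_dek(host_share)).digest()

    def _derive_dek(self, host_share: bytes) -> bytes:
        # Both shares are inputs; this is the "shared secret" of the key exchange.
        return hmac.new(bytes(self.drive_share), host_share, hashlib.sha256).digest()

    def unlock(self, host_share: bytes) -> bytes:
        if self.invalidated:
            raise DriveInvalidated("key share destroyed")
        candidate = self._derive_dek(host_share)
        if not hmac.compare_digest(hashlib.sha256(candidate).digest(), self.verifier):
            self.invalidate()                  # trigger 3: host authentication error
            raise DriveInvalidated("unknown host; data invalidated")
        self.dek = candidate
        return candidate

    def invalidate(self) -> None:
        """Trigger 1: explicit command. Overwrite the drive share; the DEK is unrecoverable."""
        for i in range(len(self.drive_share)):
            self.drive_share[i] = 0
        self.verifier = bytes(32)
        self.dek = None
        self.invalidated = True

    def power_cycle(self) -> None:
        """Trigger 2: the RAM copy of the DEK is lost; optionally the drive self-invalidates."""
        self.dek = None
        if self.wipe_on_power_cycle:
            self.invalidate()


def scenario() -> dict:
    """Constructed run: the right host twice, then an unknown host, then the right host again."""
    host_share = secrets.token_bytes(32)         # provisioned into the legitimate host
    drive = SelfEncryptingDrive(host_share)
    dek_first = drive.unlock(host_share)
    drive.power_cycle()
    dek_again = drive.unlock(host_share)
    try:
        drive.unlock(secrets.token_bytes(32))    # a stranger's host
        unknown_rejected = False
    except DriveInvalidated:
        unknown_rejected = True
    try:
        drive.unlock(host_share)                 # the owner is locked out too now
        owner_locked_out = False
    except DriveInvalidated:
        owner_locked_out = True
    return {
        "stable_across_power_cycle": dek_first == dek_again,
        "unknown_rejected": unknown_rejected,
        "owner_locked_out": owner_locked_out,
        "share_zeroed": not any(drive.drive_share),
    }


if __name__ == "__main__":
    print(scenario())
```

    The last two results are the two sides of the argument in this thread: an unknown host never sees a key, and once the drive has invalidated itself the legitimate host is locked out as well. A replaced motherboard is, to the drive, an unknown host, which is the failure mode raised further up the page.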

  • by xkr ( 786629 ) on Wednesday April 13, 2011 @12:39PM (#35810188)
    These drives are intended for embedded application like copy machines and medical equipment. That equipment now has major security holes once it is disposed of. NOT intended for PCs or data center use. HOWEVER, for secure laptops -- they are ideal. If the laptop gets stolen, now, it is trivial to circumvent OS-enforced security and get to the data. In an environment where data backup is handled by the corporate system, if the laptop fails or is lost or the user forgets his password, you ABSOLUTELY want the data in that machine gone forever. Legitimate users of the data will get it, through the proper channels, from corporate backup.
  • by Anonymous Coward

    Laptop theft is at an all time low. In unrelated news, kidnappings are on the rise.

  • It seems to me that, increasingly, the legislative drive is to criminalize a failure to decrypt data, rather than actually needing the data as evidence. The idea is to give the failure to decrypt data a higher penalty than the actual crime for which you are being prosecuted, thus coercing you into decrypting the data. I mean, why bother trying to crack, break, or coerce the decryption factors when you can just build a stronger case?

    There [slashdot.org] are [slashdot.org] several [slashdot.org] examples [slashdot.org] of [slashdot.org] this [slashdot.org] on Slashdot.

    Such a drive could just prov

    • by Xenna ( 37238 )

      Hence Truecrypt's plausible deniability.
      They'll have to prove there's more data before they can prosecute you.

      • by Qzukk ( 229616 )

        Except that truecrypt heavily advertises this feature, so if you decrypt your volume and it has pictures of fuzzy kittens, they'll say "ha ha very funny, I said kiddie porn, not kitty porn. Now decrypt the secret volume."

        • by Jahava ( 946858 )

          Except that truecrypt heavily advertises this feature, so if you decrypt your volume and it has pictures of fuzzy kittens, they'll say "ha ha very funny, I said kiddie porn, not kitty porn. Now decrypt the secret volume."

          Plausible deniability, in this case, means that there is no confirming evidence that there is data there. In this case, the poster is referring to this [truecrypt.org].

          That said, presence of TrueCrypt drivers or bootloader would probably shatter that, and even without those, the court system isn't even remotely logical. All the prosecution has to do is convince a bunch of (non-technical) people that it's relevant, and you're back to "encrypted blob", see my OP, etc..

      • by lgw ( 121541 )

        No, they just have to throw you in jail until you produce the key to the hidden partition. Didn't have a hidden partition? Sucks to be you.

        Or do you expect the government to be the Good Guys in the story?

    • XKCD [xkcd.com]

      This is why we have the fifth amendment in the US, I haven't been following it lately, but it was considered a violation of the fifth amendment protections to compel disclosure of an encryption key from the suspect.

      • by Jahava ( 946858 )

        God bless Minnesota [state.mn.us] :/

        But I agree, that's how it's supposed to work.

        • by blair1q ( 305137 )

          I assume you're talking about someone being convicted even though the encryption of the evidence wasn't broken. You might want to read that appeal ruling carefully. It implies that there is other evidence (testimony, likely), that contradicts the perp's claim that there was nothing encrypted on the computer, implying there was no encrypted kiddie-porn on the computer. The appeals court is basically saying that yes, it's mostly irrelevant that there happens to be PGP on a commonly configured computer. But

          • by Jahava ( 946858 )

            I assume you're talking about someone being convicted even though the encryption of the evidence wasn't broken. You might want to read that appeal ruling carefully. It implies that there is other evidence (testimony, likely), that contradicts the perp's claim that there was nothing encrypted on the computer, implying there was no encrypted kiddie-porn on the computer. The appeals court is basically saying that yes, it's mostly irrelevant that there happens to be PGP on a commonly configured computer. But there's enough evidence that pictures of a child were uploaded to the computer to make it irrelevant that the PGP is irrelevant. So the fact that PGP is common isn't enough of an argument to overturn any of the case.

            So basically the testimony is enough to convict so even if the jury had relied on the existence of PGP it's not enough to un-convict. I.e., you don't "get off on a technicality" unless the technicality actually changes the validity of the evidence against you.

            What they didn't do there is state as a precedent that the existence of encryption software is in itself evidence of a crime. In case that's where you're going.

            Mostly going for:

            We find that evidence of appellant’s internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state’s case against him.

            ... and ...

            Evidence of appellant’s computer usage and the presence of an encryption program on his computer was relevant to the state’s case. We affirm the district court’s evidentiary rulings.

            Sure, it could be worse, but that's not a good quote to hear in a US justice system. The UK has certainly crossed this line, but you'd be a fool not to see the US heading there too.

  • by 0123456 ( 636235 ) on Wednesday April 13, 2011 @12:48PM (#35810270)

    A bad blocks scan at the weekend showed my year-old Toshiba hard drive has invalidated at least a hundred sectors so far.

  • by frovingslosh ( 582462 ) on Wednesday April 13, 2011 @12:55PM (#35810350)
    Self wiping drives, what could possibly go wrong? But it should also be noted that Western Digital has been making self wiping drives for years, although they are not as selective or precise about when they wipe your data.
  • by gweihir ( 88907 ) on Wednesday April 13, 2011 @12:57PM (#35810358)

    So steal/confiscate the whole machine. The only thing this does is it makes legitimate data recovery harder and may even cause unintended data loss. This is not how to do it. Amateur-crypto at best.

  • by Paracelcus ( 151056 ) on Wednesday April 13, 2011 @01:14PM (#35810540) Journal

    Damn Small Linux (a boot & eject distro) booted from read only media, save your shit to an external truecrypt USB drive (hidden offsite)!

  • by b4upoo ( 166390 ) on Wednesday April 13, 2011 @01:34PM (#35810720)

    The US simply does not manufacture items like hard drives. I am certain that law enforcement as well as government goon squads in many nations will not tolerate any form of personal security including a self wiping drive. So when it comes to back doors and overrides it may well be governments other than our own that can peek into these drives at will. And I do believe that any software or hardware that is effective in securing one's data will usually be from a source either infiltrated or owned by government agencies.

    I'm not so sure how much I would like to protest the situation as I understand that covert electronic modes have already been effective for our forces in war actions.

  • by dogsbreath ( 730413 ) on Wednesday April 13, 2011 @03:18PM (#35811768)

    This raises the bar in terms of effort required to safely capture the data. If the system is effective then the drive electronics have to be bypassed. That is, either transplant new control electronics into the drive frame or transplant the platters. Clearly beyond the means of the average thief and raises the cost/effort level for law enforcement. That is unless Toshiba provides a "Law Enforcement SDK".

    OTOH, the sword cuts two ways: not only does the drive provide protection from unauthorized access, it also puts the data under constant risk. Any data on the drive has a veritable sword of Damocles hanging over it. The possibility of accidentally triggering the destruct mode seems very real. Think about some of the false-positive issues that used to occur with Windows licensing, where a minor system change made Windows think it was on a new installation. Happened to me several times and put me on the phone to Microsoft. I.e.: I added RAM once, going from a single 512M to 2x1G and my activation cancelled; another time I upgraded the video card. Innocent but triggered the software detector.

    Reminds me of Dr. Strangelove for some reason. I have an image of Slim Pickens riding my Toshiba disk into a mushroom cloud of destruction. Sorry, off topic. Damn OCD ;->
