Security Implications of Hybrid Hard Drives

A hybrid hard drive (HHD) is a device that combines a standard drive with a significant amount of non-volatile Flash memory. In 2005, a Samsung press release annouced they would team with Microsoft to develop such a device. The result appears to be the Samsung FlashON drive (with 2Gbytes of Flash) specifically for Microsoft Vista. The benefits of including significant non-volatile storage with the drive include faster boot/resume-from-hibernation (state can be transferred from the Flash back to the main memory without waiting for the drive spindle to come up to speed) and reduced power consumption (writes to magnetic media can be batched allowing the drive to idle or spin down more often). However, there is a security implication that is mentioned in a article:

Security conscious organisations are taught to be very aware of data left on hard drives when PCs are disposed of. However, [Flash] memory is nonvolatile, so a company could end up with up to 512Mbytes of data ­lying around in memory on the motherboard or on the side of the drive.

Few companies own the industrial-scale degaussing equipment that can instantly be used to fry the data on a drive, and instead rely on software that laboriously overwrites the magnetic surface.

The trouble is that drive degaussing is not designed to erase Flash memory and software methods require that the drive can be powered up and works. Because degaussing involves moving a drive though a powerful magnet eddy currents may be induced that might erase/damage the Flash electrically or even thermally. (Our degausser heats up drives so much that they must be handled with heavy oven mitts.) That said, my guess is that degaussing followed by physical destruction of the Flash chips will be necessary to ensure that the non-volatile data is destroyed. For more information on extracting data from Flash memory, check out the paper Data Remanence in Flash Memory Devices from the University of Cambridge.

Another security implication of hybrid drives is that, depending on the interface between the operating system and the drive, it may also be possible to hide malicious code in the Flash memory that is not detected by virus scanners.

Leave a Reply