Security Implications of Hybrid Hard Drives
A hybrid hard drive (HHD) is a device that combines a standard drive with a significant amount of non-volatile Flash memory. In 2005, a Samsung press release annouced they would team with Microsoft to develop such a device. The result appears to be the Samsung FlashON drive (with 2Gbytes of Flash) specifically for Microsoft Vista. The benefits of including significant non-volatile storage with the drive include faster boot/resume-from-hibernation (state can be transferred from the Flash back to the main memory without waiting for the drive spindle to come up to speed) and reduced power consumption (writes to magnetic media can be batched allowing the drive to idle or spin down more often). However, there is a security implication that is mentioned in a ComputerWeekly.com article:
Security conscious organisations are taught to be very aware of data left on hard drives when PCs are disposed of. However, [Flash] memory is nonvolatile, so a company could end up with up to 512Mbytes of data lying around in memory on the motherboard or on the side of the drive.
Few companies own the industrial-scale degaussing equipment that can instantly be used to fry the data on a drive, and instead rely on software that laboriously overwrites the magnetic surface.
The trouble is that drive degaussing is not designed to erase Flash memory and software methods require that the drive can be powered up and works. Because degaussing involves moving a drive though a powerful magnet eddy currents may be induced that might erase/damage the Flash electrically or even thermally. (Our degausser heats up drives so much that they must be handled with heavy oven mitts.) That said, my guess is that degaussing followed by physical destruction of the Flash chips will be necessary to ensure that the non-volatile data is destroyed. For more information on extracting data from Flash memory, check out the paper Data Remanence in Flash Memory Devices from the University of Cambridge.
Another security implication of hybrid drives is that, depending on the interface between the operating system and the drive, it may also be possible to hide malicious code in the Flash memory that is not detected by virus scanners.
December 1st, 2006 at 10:52 am
[...] Another security implication of hybrid drives is that, depending on the interface between the operating system and the drive, it may also be possible to hide malicious code in the Flash memory that is not detected by virus scanners. Source: Applied Miscellany [...]
December 26th, 2006 at 10:59 am
Hi. I have two 40GB Maxtor 34098H4 hard drives, one of which died completely three months ago. The BIOS will not recognize it and it will not spin when my computer is powered up. The dead drive does not make any noise. After doing some research, I found two seemingly possible methods of getting a dead drive to spin which each have supporters and detractors. The two methods are possible alternatives (To those who cannot afford it) to paying thousands of dollars to a professional firm with a sealed clean room to recover data. The first method involves finding the same model hard drive as the dead one with the exact PCB (Printed Circuit Board) and then swapping the PCB from the good drive into the dead one to make it spin. The second method involves putting the dead drive into a Ziplock storage bag and putting it into the freezer overnight and then taking the drive out and pray that the hard drive will spin. I wanted to try the first method but after examining my good hard drive, which is of the same size and model as the dead one, I found that the PCBs are slightly different. So, the first method will not work for me (I don’t have the time and resources to try to find an exact PCB for the dead drive). I was wondering, would the second method work? Many people have claimed that the second method works and others have claimed that it would end up damaging the drive heads or platters even further. In your experience, have you tried the second method and what is the success rate for making the hard drive spin again so that data can be recovered? I just want to recover some old pictures and music from my dead drive. Any assistance you can offer is greatly appreciated. Thanks!
February 14th, 2007 at 1:53 am
To the fellow with the dead hard drive:
I’ve tried the freezing method, because I KNEW that the heads had crashed on the platter and were keeping it from moving. No matter how much freezing it didn’t spin, but I also felt that the motor hadn’t died, because 1) the drive was kinda new (less than 2-3 years old) and 2) I could hear it TRYING to budge upon power up. So I did what will VOID your warranty: unscrewed all the screws, and take off the cover, and then use something like a COMB to snuggly fit between the arms that have the drive heads and as the comb pushes the arms outwards (from the platters), then I moved the head assembly back to PARK position (away from the platters). This method is described very well in some articles online, most likely the MHDD articles. I definitely recommend that software for scanning and repairing your bad sectors. Oh, I also used a compressed air spray to make sure no dust was left on the platters (also wore a hat so that nothing from my head fell on the platters, although try not to lean over the platters, and I also used a fan to blow air constantly, hoping that the dust particles wouldn’t land on the platters). Good luck!