How hard can it be to kill a flash drive? Judging by the look of defeat on [Walker]’s face in the video below, pretty darn hard.
To bring you up to speed, and to give the “Mission: Impossible” reference in the title some context, it might be a good idea to look over our earlier coverage of [Walker]’s Ovrdrive project. It started way back in 2022 with the idea that some people might benefit from a flash drive that could rapidly and covertly render the data stored on it, err, “forensically unavailable.” This would require more than just erasing the data, of course, so [Walker] began looking at ways to physically kill a memory chip. First up was a voltage doubler to apply voltage much greater than the absolute maximum rating of 4.6 V for any pin on the chip. That corrupted some files on the flash chip, enough of a win to proceed to a prototype that actually succeeded in releasing the Magic Smoke.
But sadly, that puff of smoke ended up being a fluke. [Walker] couldn’t repeat the result, at least not with the reliability required by people for whom data privacy is literally a life-or-death matter. To increase the odds of a kill, he came up with an H-bridge circuit to reverse the polarity of the memory chip’s supply. Surely that would kill the chip, and from the thermal camera images, it sure looked promising. But apparently, even 167°C isn’t enough to forensically disable the chip, which kind of makes sense from the point of view of reflow survivability.
What’s next for [Walker]? He says he’s going to team up his overvoltage and reverse-polarity methods for one last shot, but after that, he’s about out of reasonable options. Sure, a thermite charge or a vial of superacid would do the trick, but neither is terribly covert. If you’re going to go that way, you might as well just buy a standard flash drive and throw it in the microwave or a blender. And we need to remember that this may be something the drive’s owner needs to do with jack-booted thugs kicking in the door, or possibly at gunpoint. It wouldn’t do to be too conspicuous under such circumstances. That’s why we like the “rapid power cycling” method of triggering the drive’s self-destruct sequence; it could easily be disguised as shaking hands in a stressful situation.
Who knew that memory chips were this robust? Kudos to [Walker] for getting the project as far as he did, and we’re still rooting for him to make it work somehow.
For almost a year now, we’ve been following the progress [Walker] has been making with Ovrdrive — a completely open source USB flash drive that features the ability to destroy itself should it fall into the wrong hands. It’s an interesting enough project on those merits alone, but what really made this idea stand out was that the user was expected to lick their fingers before handling the drive as a form of covert authentication.
Well, we’ve got some good news and some bad news. The good news is that [Walker] is just about ready to release the Ovrdrive officially on Crowd Supply. But it’s with a heavy heart that we must report that the device’s cutting edge spit-detection capabilities have been removed. Now if you want to preserve the drive’s files, you need to rapidly insert and remove the drive several times rather than just plugging it in.
In all seriousness, this new approach makes a lot more sense. As entertaining as it might have been, the whole idea of a device that could detect moisture on the user’s fingers was fraught with problems. It was a bit more of a meme than a real solution, and if we’re being honest, kind of disgusting. This new approach sounds far more reliable, especially when combined with the new “Lite” self-destruct mode.
While the original capability of literally frying the flash chip by way of several capacitors and a voltage doubler is still here, there’s also a non-destructive approach that’s enabled by default. Unless you open up the drive and desolder the jumper pad on the PCB, the onboard ATtiny24A will simply use the enable pin on the flash chip to make it appear empty. This means that you’ve got to really want to cook your flash chip on the first hint of funny business.
Ultimately, whether it’s self-destructing or not, we just really like the idea of a hacker-developed open source hardware USB flash drive. Admittedly it would be a lot cheaper and more practical to just buy one like a normal person, but we strongly believe that if there’s a way for the community to build a OSHW version of something, they should at least give it a shot.
Regular readers may recall that security researcher and general open source hardware fanatic [Walker] has been planning a rather unusual flash drive for some time — one that will only show its contents if the user makes sure to lick their fingers before plugging it in. We’re pleased to report that theory has recently given way to real hardware, and the Ovrdrive “self-destructing” flash drive is now a step closer to reality.
The last time we checked in with [Walker], he hadn’t yet put any hardware together, though he was fairly sure what components he would need and how it would all go together. This was assisted somewhat by the fact that USB flash drives are such a ubiquitous piece of tech, making their principle parts plentiful and fairly well documented. As explained in the video below, all you really need to spin up your own flash drive is the USB connector, the controller chip, and a nice slab of flash memory for it to access. Though naturally you’re on your own for spit detection.
What we especially like about this project is that [Walker] is releasing the whole thing as open source hardware. So even if you’re not interested in the whole lick-for-access feature, you’ve still got a boilerplate flash drive design to build on. We haven’t seen a lot of DIY projects tackle USB Mass Storage previously, and perhaps this design can change that.
But of course, only if the thing works. According to the video after the break, [Walker] seems to have hit a snag with this revision of the hardware. While it enumerates as a storage device when plugged into the computer, the operating system claims its capacity is zero. He thinks there might be a swapped trace between the controller and flash chip to blame, so hopefully he can get things sorted out before too long. We’ve been covering this project since the summer, and are eager to see it cross the finish line.
A self-destructing storage device that vaporizes its contents at the first sign of trouble would be an invaluable tool for many people, but good luck getting your hands on such a thing if you don’t work for a three-letter agency. Or at least, that’s what we would have said before [Walker] got on the case. He’s working on an open source self-destructing USB flash drive for journalists, security researchers, whistleblowers, or anyone else who really values their privacy.
When we previously covered this project in July, [Walker] had only planned to make the flash drive hide its contents unless you knew to wet your fingers before plugging it in. We admit it sounds a little weird, but as far as clandestine methods of activating something goes, it’s pretty clever. But based on the feedback he received, he decided to go all-in and make the USB drive literally trash itself should it be accessed by somebody who doesn’t know the secret.
But how exactly do you pull that off? Sure we’d love to see a small thermite charge or vial of acid packed in there, but obviously that’s not very practical. It needs to be safe to carry around, and just as importantly, unlikely to get you into even more trouble with whoever is searching through your belongings. To that end, [Walker] thinks he’s come up with an elegant solution.
The datasheet for his flash memory chip says the maximum voltage it can handle before releasing the Magic Smoke is a meager 4.6 V. So he figures running a voltage doubler on the nominal 5 V coming from a USB port should disable the chip nicely with a minimum of external drama. Will it be enough to prevent the data from being recovered forensically? We don’t know, but we’re eager to find out.
In the write-up, [Walker] takes readers through the circuit designs he’s come up so far, and shows off the source code that will run on the ATtiny25 to determine when it’s time to toast the flash. He says by the next post he should have the entire flash drive built and documented, so stay tuned.
As laptops have become smaller and easy to carry around, they have also picked up the most unfortunate property of being easy to steal. We’ve read the stories of how some victims are able to track them down via webcam still images of the thief. [Mastro Gippo] decided to take it one step further and add a remotely operated hardware self destruct to his laptop. The idea is if the laptop becomes unrecoverable, it will become useless and any sensitive data will be destroyed without harming the area around it.
It’s somewhat inception like, as it’s a hack within a hack. It’s based on the Crunchtrack, a CAN bus reverse engineering tool equipped with GPS and a SIM800 GSM module, which was also developed by [Mastro Gippo]. The idea is to tuck the small board somewhere in the laptop and wire it up between the battery and some sensitive parts. Send a single SMS text and ‘poof’, bye-bye laptop.
He wrote all the code in less the 24 hours for the BattleHack Hackathon. He decided to spice up the act with some firecrackers and a detonator, which made his team the crowd favorite and earned a victory.
Ah yes, the classic Mission Impossible ultimate message security — after verification and playing the message, poof — it’s gone. You could design explosives into your electronics to have the same effect… or you can use Xerox PARC’s new chip, which features a self-destruct mode.
Wait, what? Yup — some engineer at Xerox decided to develop a chip that can literally self-destruct. It was developed for DARPA’s vanishing programmable resources project, and well, it sounds pretty promising for the future of high-security applications. Continue reading “This Post Will Self Destruct In 10 Seconds”→
Download a song from iTunes, and you can only add that song to the music library of five other computers. Grab a copy of the latest Microsoft Office, and you’d better hope you won’t be upgrading your computer any time soon. Obviously DRM is a great tool for companies to make sure we only use software and data as intended, but outside planned obsolescence, there isn’t much in the way of DRM for physical objects.
This is where a team from the University of Art and Design in Lausanne, Switzerland comes in. They designed a chair that can only be sat upon eight times. After that, the chair falls apart necessitating the purchase of a new chair. Somewhere in the flat-pack furniture industry, someone is kicking themselves for not thinking of this sooner while another is wondering how they made a chair last so long.
The design of the chair is fairly simple; all the joints of the chair are cast in wax with a piece of nichrome wire embedded in the wax. An Arduino with a small switch keeps track of how many times the chair has been used, while a solenoid taps out how many uses are left in the chair every time the user gets up. When the internal counter reaches zero, a relay sends power through the nichrome wire, melting the wax, and returning the chair to its native dowel rod and wooden board form.
Melting wax wasn’t the team’s first choice to rapidly disassemble a chair; their first experiments used gunpowder. This idea nearly worked, but it was soon realized no one on the team wanted to sit on a primed and loaded chair. You can see the videos of the wax model failing after the break.