If someone tries to sell you 30TB of solid-state storage for less than $40, consider turning around and running away, no matter how many clip-art rockets they use in their pictures.
It feels like high-capacity SSDs are getting cheaper all the time, but in the words of a security researcher known as Ray Redacted on Twitter, there are still some deals that are too good to be true. In the spirit of discovery, he bought a "30TB" external SSD from AliExpress for $31.40, which also happens to be listed on Walmart's website for $39 (I am linking it for educational and entertainment value, please do not buy it).
For those of you who are following this thread but not understanding the scam:
— Ray [REDACTED] (@RayRedacted) August 26, 2022
Scammer gets two 512MB Flash drives. Or 1 gigabyte, or whatever. They then add hacked firmware that makes it misreport its size.
Windows reports EXACTLY 15.0 terabytes. Not 14.89, Not 14.78
But when you go to WRITE a big file, hacked firmware simply writes all new data on top of old data, while keeping directory (with false info) intact.
— Ray [REDACTED] (@RayRedacted) August 26, 2022
H2Testw actually WRITES & then RE-READS its data. But the scammer slowed the bus down from 5 gigabits per second to .48 gigabits
On the inside, this "SSD" looks like two small-capacity microSD cards hot glued to a USB 2.0-capable board. This board's firmware has been modified so that each of these cards reports its capacity as "15.0TB" to the operating system, for a total of 30TB, even though the actual capacity of the cards is much lower. This is another giveaway; Windows reports drive capacities in gibibytes (1,024 mebibytes) or tebibytes (1,024 gibibytes), while drive manufacturers use gigabytes (1,000 megabytes) and terabytes (1,000 gigabytes). This is why a 1TB drive normally only has a reported capacity of 930-ish GB, rather than a nice round number.
Read 3 remaining paragraphs | Comments
If someone tries to sell you 30TB of solid-state storage for less than $40, consider turning around and running away, no matter how many clip-art rockets they use in their pictures.
It feels like high-capacity SSDs are getting cheaper all the time, but in the words of a security researcher known as Ray Redacted on Twitter, there are still some deals that are too good to be true. In the spirit of discovery, he bought a "30TB" external SSD from AliExpress for $31.40, which also happens to be listed on Walmart's website for $39 (I am linking it for educational and entertainment value, please do not buy it).
For those of you who are following this thread but not understanding the scam:
— Ray [REDACTED] (@RayRedacted) August 26, 2022
Scammer gets two 512MB Flash drives. Or 1 gigabyte, or whatever. They then add hacked firmware that makes it misreport its size.
Windows reports EXACTLY 15.0 terabytes. Not 14.89, Not 14.78
But when you go to WRITE a big file, hacked firmware simply writes all new data on top of old data, while keeping directory (with false info) intact.
— Ray [REDACTED] (@RayRedacted) August 26, 2022
H2Testw actually WRITES & then RE-READS its data. But the scammer slowed the bus down from 5 gigabits per second to .48 gigabits
On the inside, this "SSD" looks like two small-capacity microSD cards hot glued to a USB 2.0-capable board. This board's firmware has been modified so that each of these cards reports its capacity as "15.0TB" to the operating system, for a total of 30TB, even though the actual capacity of the cards is much lower. This is another giveaway; Windows reports drive capacities in gibibytes (1,024 mebibytes) or tebibytes (1,024 gibibytes), while drive manufacturers use gigabytes (1,000 megabytes) and terabytes (1,000 gigabytes). This is why a 1TB drive normally only has a reported capacity of 930-ish GB, rather than a nice round number.
Read 3 remaining paragraphs | Comments
August 26, 2022 at 10:46PM
Post a Comment