Walmart lists a 30TB Portable SSD for $39. Of course it's a scam
Walmart lists a 30TB Portable SSD for $39. Of course it's a scam
If someone tries to sell you 30TB of solid storage-state storage for less than $40, consider turning around and running away, no matter how many clip-art rockets they use in their images.
It looks like high capacity SSDs are getting cheaper, but in the words of a security researcher known as Ray Redacted on Twitter, there are still deals out there that are too beautiful to be true. In the spirit of discovery, he purchased a "30TB" external SSD from AliExpress for $31.40, which also happens to be listed on Walmart's website for $39 (I link it for educational value and entertainment, please do not buy it).
For those of you following this thread but not understanding the scam:
The scammer receives two 512MB USB sticks. Or 1 gigabyte, or whatever. They then add pirated firmware that causes it to misreport its size.
Windows reports EXACTLY 15.0 terabytes. Pitch 14.89, Pitch 14.78
— Ray [REDACTED] (@RayRedacted) August 26, 2022
But when you access WRITE a large file, the hacked firmware just writes all the new data over the old data, while keeping the directory (with fake information) intact.
H2Testw WRITES then RE-READS its data. But the scammer slowed down the bus from 5 gigabits per second to 0.48 gigabits
— Ray [REDACTED] (@RayRedacted) August 26, 2022
Inside, this "SSD" looks like two small capacity microSD cards hot-glued to a USB 2.0 compatible card. The firmware for this card has been changed so that each of these cards reports its "15.0 TB" capacity to the operating system, for a total of 30 TB, even though the cards actual capacity is much less. This is another giveaway; Windows reports disk capacities in gibibytes (1024 megabytes) or tebibytes (1024 gigabytes), while disk manufacturers use gigabytes (1000 megabytes) and terabytes (1000 gigabytes). This is why a 1TB drive normally only has a reported capacity of 930GB, rather than a nice round number.
Enlarge / Inside, this "SSD" has what appears to be a pair of microSD cards or some other type of cheap, low-capacity flash memory hot-glued to a printed circuit board.
@RayRedacted on Twitter
The reader is even smarter when it comes to tricking people into thinking it works. It preserves the directory structure of anything you copy, but when it "copies" your data, it continues to write and rewrite to the tiny microSD cards. You will be fine until you access a file, only to find that the data is not there.
Replies to Ray Redacted's thread are full of alternative versions of this scam, including multiple iterations of the hot-glued microSD version and at least one that hid a USB drive inside a larger casing ...
If someone tries to sell you 30TB of solid storage-state storage for less than $40, consider turning around and running away, no matter how many clip-art rockets they use in their images.
It looks like high capacity SSDs are getting cheaper, but in the words of a security researcher known as Ray Redacted on Twitter, there are still deals out there that are too beautiful to be true. In the spirit of discovery, he purchased a "30TB" external SSD from AliExpress for $31.40, which also happens to be listed on Walmart's website for $39 (I link it for educational value and entertainment, please do not buy it).
For those of you following this thread but not understanding the scam:
The scammer receives two 512MB USB sticks. Or 1 gigabyte, or whatever. They then add pirated firmware that causes it to misreport its size.
Windows reports EXACTLY 15.0 terabytes. Pitch 14.89, Pitch 14.78
— Ray [REDACTED] (@RayRedacted) August 26, 2022
But when you access WRITE a large file, the hacked firmware just writes all the new data over the old data, while keeping the directory (with fake information) intact.
H2Testw WRITES then RE-READS its data. But the scammer slowed down the bus from 5 gigabits per second to 0.48 gigabits
— Ray [REDACTED] (@RayRedacted) August 26, 2022
Inside, this "SSD" looks like two small capacity microSD cards hot-glued to a USB 2.0 compatible card. The firmware for this card has been changed so that each of these cards reports its "15.0 TB" capacity to the operating system, for a total of 30 TB, even though the cards actual capacity is much less. This is another giveaway; Windows reports disk capacities in gibibytes (1024 megabytes) or tebibytes (1024 gigabytes), while disk manufacturers use gigabytes (1000 megabytes) and terabytes (1000 gigabytes). This is why a 1TB drive normally only has a reported capacity of 930GB, rather than a nice round number.
Enlarge / Inside, this "SSD" has what appears to be a pair of microSD cards or some other type of cheap, low-capacity flash memory hot-glued to a printed circuit board.
@RayRedacted on Twitter
The reader is even smarter when it comes to tricking people into thinking it works. It preserves the directory structure of anything you copy, but when it "copies" your data, it continues to write and rewrite to the tiny microSD cards. You will be fine until you access a file, only to find that the data is not there.
Replies to Ray Redacted's thread are full of alternative versions of this scam, including multiple iterations of the hot-glued microSD version and at least one that hid a USB drive inside a larger casing ...
If someone tries to sell you 30TB of solid storage-state storage for less than $40, consider turning around and running away, no matter how many clip-art rockets they use in their images.
Enlarge / Inside, this "SSD" has what appears to be a pair of microSD cards or some other type of cheap, low-capacity flash memory hot-glued to a printed circuit board.
@RayRedacted on Twitter
