New USB stick has a self-destruct feature that heats it to over 100 degrees Celsius — a secret three-insertion process needed to unlock data safely

News
By Christopher Harper
published

Ovrdrive does not encrypt its contents by default but has a uniquely physical security mechanism and can be rigged to self-destruct.

A shot of the open-source Ovrdrive USB from Interrupt Labs' official YouTube video.
A shot of the open-source Ovrdrive USB from Interrupt Labs' official YouTube video. (Image credit: Interrupt Labs on YouTube)

Through GitHub and Crowd Supply, Ryan Walker of Interrupt Labs (via CNX Software) is releasing a security-focused, open-source USB flash drive called Ovrdrive USB, which boasts a self-destruct mechanism that heats the flash chip to over 100 degrees Celsius.

The Ovrdrive USB is unencrypted by default, so it should still be legal in countries where encryption is otherwise illegal while providing an extra degree of (physical) security not matched by our current best flash drives.

First, the Ovrdrive USB design functions pretty simply. It's mostly a run-of-the-mill USB flash drive with a unique activation mechanism. For it to be detected by your machine, you have to rapidly insert the drive three consecutive times actually to turn it on. Failure to do so will hide the drive's partition and give the impression that it's broken. Initially, it was supposed to self-destruct, but it proved too challenging to mass produce, forcing Walker to change the drive.

Nonetheless, Walker left the original destruction mechanism intact in the final product. The mechanism reverses the voltage supplied to the device to around 100 degrees Celsius. However, it may not be hot enough to kill the flash chips, but users can always add a compound for it to self-destruct. Obviously, the creator will not ship any hazardous compound with the Ovrdrive USB.

The first revision of the Ovrdrive USB featured a peculiar activation method where users used wet fingers to activate the pen drive, which meant licking their fingers before plugging in the pen drive.

As a product aimed at journalists, researchers, and others needing an extra storage security layer, the Ovrdrive USB design may be a good choice. This activation mechanism is no substitute for full encryption (particularly in countries where you can encrypt your storage). However, it still serves as an excellent security knowledge check for unwanted third-party drive users.

Fortunately, encrypting a USB drive yourself isn't very hard— specific versions of Windows have the built-in BitLocker drive encryption feature, and VeraCrypt is also available as an open-source, highly recommended alternative. VeraCrypt is generally recommended over BitLocker, particularly if your system has a TPM module external to your CPU (see our list of best gaming CPUs).

In its crowdfunding campaign on Crowd Supply, the flash drive is slated for an August 2024 release and priced at $69 with free US domestic shipping or $12 international shipping for the rest of the world. At the original time of writing, the flash drive has reached 70% of its funding, with two days remaining on the funding deadline.

Christopher Harper
17 Comments Comment from the forums
  • pixelpusher220
    has a destruct feature that heats it to over 100 degrees Celsius

    That's weird way to say "Used Lithium Ion battery"
    Reply
  • Alvar "Miles" Udell
    However, it may not be hot enough to kill the flash chips, but users can always add a compound for it to self-destruct.

    That totally won't get you imprisoned, or executed, in countries where encryption is illegal.
    Reply
  • PEnns
    Let's hope that when that self destruct moment arrives, a bunch of those USBs are not in somebody's pocket on an airplane....
    Reply
  • USAFRet
    "a self-destruct mechanism that heats the flash chip to over 100 degrees Celsius"

    See....Items banned from aircraft.
    Reply
  • usertests
    Alvar Miles Udell said:
    That totally won't get you imprisoned, or executed, in countries where encryption is illegal.
    As configured it simply hides the data from the attacker. You should just use encryption on top of that, and mix it in with working dummy flash drives.

    I don't know if there's a scenario where you would want to both encrypt and ensure the fiery destruction of the contents. Maybe if you thought a shared key would leak, but somehow not the fact that you are using self-destructing drives.
    Reply
  • atomicWAR
    This has interesting implications for secure USB data storage.

    (this message will self destruct in five seconds...que mission impossible music)
    Reply
  • rluker5
    As the proud owner of a 13900kf, I can say that 100c isn't anything special. That just means the numbers turn red.

    That jump drive will be fine.
    Reply
  • Sleepy_Hollowed
    rluker5 said:
    As the proud owner of a 13900kf, I can say that 100c isn't anything special. That just means the numbers turn red.

    That jump drive will be fine.
    I've not used the latest AMD chips, but as someone that has used 12th gen Intel, I have to agree, I did not know a desktop chip could get that hot when going all out of 100-105C.
    Reply
  • Dr3ams
    Oh...you definitely don't want that in your front pants pocket. 👀
    Reply
  • Findecanor
    Instead of physically self-destruct, how about scrambling the flash with random bits?

    Alternatively, store the data encrypted with a very long key, and have that stored in flash encrypted with a short key that users use.
    Then when you "self-destruct", scramble the large key.

    Instead of malfunctioning, why not have two file systems in flash: one public honeypot and one encrypted that has to be enabled through the special procedure.
    See "Plausibly deniable encryption".
    Reply