by Robin England, Senior Research & Development Engineer, Kroll Ontrack

As the saying goes, if something looks too good to be true, then it probably is. Yet this isn’t stopping unscrupulous manufacturers from benefitting from a market for fake USB devices that purport to provide many gigabytes of storage while actually being based on a much cheaper 128 megabyte chip.

Users are seeing competitively priced USB devices for sale, mainly on ecommerce and online auction sites, and believe they have spotted a true bargain. Perhaps even worse, some suppliers set pricing at or near the level of a real larger capacity drive to get the maximum return.

The most expensive element of any USB or flash drive is the processor that powers it, so it’s an obvious scam to dress up a cheaper chipset as a much more powerful drive. In a counterfeit report that I undertook recently by for Kroll Ontrack, I purchased multiple USB drives, disassembled them and was able to show that every single one was fake.

During my tests I obtained a sample of USB drives from sellers located in the UK. These drives were all sold as having a data storage capacity of 64GB (64,000,000,000 bytes). We found that across the sample the drives could only store an average 7.8% of the stated capacity and some could only store as little as 0.14% of the stated capacity.

In all cases the drives had been fitted with cheap flash memory chips and the controller firmware had been deliberately modified to report the fake capacity. These changes to the firmware even fool your computer into thinking that there are many spare gigabytes of space to fill.

When these fake devices are used all will appear well until a certain amount of data has been written to the USB drive. But then the user will find that data they have written has disappeared or their computer will suddenly report that the drive is corrupted and must be formatted before it can be used again.

It means that the first a user will know that they have bought a dud is when data is overwritten and older backed up data is lost as a result. In other cases, the drive is filled to its capacity and data that users assume is being backed up is simply lost into the ether.

We at Kroll Ontrack have become increasingly aware of fake drives because many are brought in to us by users desperate to recover lost data. Unfortunately, it is impossible to get data back that has only been saved onto a low capacity drive if it has been lost immediately, while clearly when data is overwritten it is only the most recent information that can be retrieved.

So how should users and businesses protect themselves from fake drives? The first lesson is to buy from trusted retailers at a realistic price point, rather than from an obscure site with prices that look like bargains but are potentially fake drives that could mean losing valuable data further down the line.

I found free third party testing programmes such as h2testw enable users to test drives before they entrust their data to them, although of course by then they will have paid for them. On the plus side, users will not put their valuable data at risk by using fakes, so will only lose a few pounds or euros buying the drives – and nothing more.

In general, it always pays to back data up regularly using multiple media, including the cloud and removable or permanently attached storage devices. While the trend for fraudsters to produce fake drives continues, this is definitely a case of ‘buyer beware’. If flash or USB drives look ridiculously cheap, then it is probably because they are not what their sellers say they are.