The Fox Report
Barry Fox’s technology column
Too cheap to be true?
I
n last month’s column I suggested replacing the
‘old-fashioned’ mechanical spinner HDD (hard disk
drive) in a computer with a ‘new-fashioned’ SSD (solidstate drive), as a relatively simple way to radically improve
overall performance. I added a few caveats, notably the
warning that scammers are using online sales sites to offer
fake high-capacity (mainly 1TB) SSDs at surprisingly low
prices. Now is the time to flesh out this warning.
Scam drives
The fake capacity scam follows on from the scam sale, which
began several years ago, of phoney USB memory sticks and
portable USB HDDs. Fortunately, there are some easy, and
free, ways to spot the phonies.
Hard technical and historical facts are tough to tie down,
but it seems that one or more clever factories in China have
created a memory controller chip that gives a false reading
for the memory cells it is controlling. The controller tells a
computer that the memory capacity is 1TB when the actual
memory chips can only store around one tenth of that. The
controller also fools the ordinary formatting process. So,
plugging suspect memory into a computer and even fully
formatting the memory fakes the 1TB capacity. In use, data
appears to write to the memory as intended. But once the
amount of data exceeds the real memory capacity, new data
simply over-writes what was previous written or disappears
into a black hole.
Over recent years I have been sold fake capacity USB
sticks, portable HDDs and now SSDs. I was lucky. I know
enough about IT to check, return to the seller and get a full
refund. Many people, especially IT innocents looking for a
bargain, will probably never know the drives they bought
have not been storing all the data they appeared to be storing.
By the time they find out that some of their stored data has
been lost, all hope of claiming a refund will be long gone.
The seller will probably be long gone, too. Very likely some
sellers do not even know they are selling fakes because they
do not have the IT savvy to check what their supplier has
supplied. Most customers will not discover the problem until
they find they cannot access data stored months or years
earlier. They may well then assume the data loss is due to
user error, media ageing or accidental erasure.
Because many online sellers all sell basically the same
products, albeit dressed up in different cosmetic packaging, and sometimes with counterfeited trusted names, the
golden rule is to check
real capacity immediately after purchase and
before storing any data.
Experience suggests that
once someone who is
knowingly, or unknowFull formatting of an SSD can take
ing, selling fake drives
the best part of a day.
Practical Electronics | December | 2023
is confronted with a fact-based refund claim, they will not
want to risk a dispute that exposes the scam.
But… how do you check if even full formatting will not
expose the scam?
Is it a fake?
Fortunately, there are several capacity test apps available for
free download. Take your pick from a web search but I opted
for, and am recommending to others, the simple MediaTester.
This is available as a standalone .exe file (no installation
needed) from the Windows Online Store (which is in itself a
good indication of safety), and also from Github:
https://bit.ly/pe-dec23-msmt
https://bit.ly/pe-dec23-ghmt
Software author Doug Krahmer says: ‘Fake media sales have
reached epidemic proportions. Fake media is being falsely labeled with popular brand names including SanDisk, Samsung,
Sony, Kingston, and others. Not only are these counterfeit,
but they often contain less storage than the cards report to the
computer. A 128GB SD card may actually contain only 8GB
or 4GB of actual space. After filling up all of the real space,
the card will respond as if it is storing the data but it is actually throwing it away. The files will look like they exist but
they are actually full of null bytes or completely corrupted.
If you try to read the data you will find that it is ALL GONE.’
The screen grabs show a few readouts from MediaTester, captured while checking a range of SSDs. Most
(bought from Amazon) passed the test because I paid a
fair price for the capacity offered.; £17 for 256GB and £37
Bliksem test moved on to reading and verifying.
15
(Left) MediaTester reports that a 256GB SSD, bought to use as
the cache in a NAS, has passed the test.
(Above) MediaTester reports that a 1TB SSD quickly failed
the test, even though it had been fully formatted, apparently,
correctly. So I asked for and got a refund.
A fair low-priced 1TB SSD labelled Bliksem went through the
day-long process of writing, reading and verifying – and Passed
of cloning the OS direct to the SSD from the HDD, making
an image copy of the old HDD OS on an intermediary HDD
and then restoring from this to the new SSD.
Yet another scam
for 1TB. The failure SSD was suspiciously cheap; 1TB
for £18 from eBay. But it would obviously be dangerous
to assume that just because an asking price is high, the
product is legitimate. The seller may just be marking it
up as a disguise.
Take your time
Be warned that fully checking an SSD can be very slow. A 1TB
drive can take a day. One advantage of using MediaTester is
that it runs a simple check before a full check, so phoney SSDs
may fail after an hour or so, making a full check unnecessary.
If an SSD fails, make a screen capture of the fail note and
append this to any claim for a refund. That way the claim
is more likely to sail through. The eBay seller refunded
my £18 with no quibbles. But with bare-faced cheek he
asked me not to leave ‘non-positive feedback’. Of course,
I did, to warn others: www.ebay.co.uk/itm/115852033293
‘The real capacity of this SSD was only around one tenth
the 1TB claimed, as shown by routine Properties checks
and formatting. I immediately asked for a refund and was
immediately promised a refund. Similar cheap SSDs are
widely on sale. I strongly suggest that anyone with one
urgently checks it with the test software (such as the free
MediaTest mentioned above). Although the SSD may appear to be storing data it may silently overwrite once the
real capacity is exceeded.’
The fake I bought and returned is now listed as ‘Out of Stock’.
OS cloning note
As a footnote tip, learned from successfully upgrading
a Lenovo PC by replacing its HDD spinner with an SSD,
Cloning the OS (operating system) direct from HDD to
SSD may expose an annoying action by Windows; the
PC may insist on assigning the SSD more than one Drive
letter (eg, C: for the Windows OS and E: for the Windows
Rescue partition). This problem may be solved by, instead
16
Talking of clever scams, exploitation of a loophole in
the lost password option offered by mobile (cell phone)
networks, is escalating. One of my SIMs is O2 Pay as You
Go, and I now get at least one call a week from scammers
with foreign accents claiming to be from O2, and offering
me a better deal on ‘my contract’. The fact that I have no
contract immediately flags the call as a scam, but others
who do have contracts may well be suckered – especially
because many companies now out-source their sales and
support to Asia.
Sometimes I play along to confirm that the network has
still not been able to plug the security loophole.
Briefly, here’s how the scam works. The caller picks
a mobile number at random or from harvested lists and
hopes that (as in my case) it is still linked to the network
that originally allocated the number.
After some flannel talk about service and deals on offer,
the scammer says he/she will send a 6-digit security code
to prove they are really from O2. The caller also says to
ignore the security warning text which precedes the code.
It’s like the EULAs we never read.
Unbeknownst to the phone-owner the scammer has gone on
line to the network website, while flannelling, and uses the
called number to exploit the network’s Lost Password/Password
Reset facility. This is what sends the owner a security code.
If the phone-owner falls for the trick and reads the code to
the scammer, the scammer can immediately re-set the password, thereby locking out the rightful owner, and wreaking
havoc, for instance using stored financial details to buy credit
or order a new phone, and steal anything else available.
If I have a little time to spare, I sometimes waste the
scammer’s time by reading out wrong six-digit codes; I also
ask for the address where they are working.
The last time this happened the scammer told he was
at O2’s HQ at ‘Batherd, Slog, Birkshire’. He was of course
reading Bath Rd, Slough, Berkshire from his scam script!
Practical Electronics | December | 2023
