[RandomBK]

I see a lot of discussion in this thread stemming from some confusion+not reading the actual report[0].

Some key points:

1. The Camera+Card was encased in a separate enclosure made of titanium+sapphire, and did not seem to be exposed to extreme pressures.

2. The encryption was done via a variant of LUKS/dm-crypt, with the key stored on the NVRAM of a chip (Edited; not in TrustZone).

3. The recovery was done by transplanting the original chip onto a new working board. No manufacturer backdoors or other hidden mechanisms were used.

4. Interestingly, the camera vendor didn't seem to realize there was any encryption at all.

[0] https://data.ntsb.gov/Docket/Document/docBLOB?ID=18741602&Fi...

[Keeblo]

Unless I misread the article, the key was stored in the NVRAM and not the TrustZone.

IIRC, the article stated that if the key(s) had been stored in the TrustZone then the data would have been irrecoverable.

[RandomBK]

Good catch; it was somewhat ambiguous in the report.

[blablabla123]

> 1. The Camera+Card was encased in a separate enclosure made of titanium+sapphire, and did not seem to be exposed to extreme pressures.

I wonder what the price of the enclosure was then. Feels a bit like click bait...

[spacecadet]

Alot. Just google cameras for deep sea and space. Several companies make these and despite all the covering up, none of the tech is that special.

[rtkwe]

It might have been filled with mineral oil, those external enclosures often setup that way so that the enclosure is less extreme to manufacture. Not sure if that would work for camera lenses though unless those were also filled.

[robotguy]

As someone who was on the product team for a 6000msw video camera, it's probably not filled with mineral oil. I doubt anyone makes subsea camera bodies/optics completely from scratch, and off-the-shelf units are not designed for pressure. In ours we used Sony camera internals, the enclosure was atmospheric, filled with dry nitrogen to reduce condensation, and the sapphire lens was designed to resist 12500psi and reduce distortion from the air-->sapphire-->seawater interface.

[rtkwe]

Hmm ok that would have explained why the SD card wasn't damaged if it were because when the vessel is filled with mineral oil it wouldn't have imploded like the main body of the craft.

[squigz]

Clickbait? Where? How? It's literally in the NTSB report, and it's not like, a crazy concept?

[jodrellblank]

Here; the title focusing on the price is implying that the cheap SD card survived ocean floor environment alone. A surprising amount of stress for its price.

Instead, a pressure-proof deep sea camera module was found at the wreckage site. It’s less interesting that an expensive thing rated for ocean depths was intact at ocean depths.

Its like “missing child found after 4 days in Alaska temperatures!”

gasp! How did they survive!

“The child was on holiday in their grandparents’ holiday log cabin, with their grandparents, a log fire, food, water..”

Oh. Clickbait. Hiding the boring bit to make the story appear more of a tease.

[quuxplusone]

I noticed a pattern a few months ago in my phone's newsbait feed of headlines in the format "[Large familiar company] to close 500 stores on [date]" — and then below the fold "because it's [Independence Day, Rosh Hashanah, etc]" or "because they are moving to summer hours" or whatever.

[bigstrat2003]

> Here; the title focusing on the price is implying that the cheap SD card survived ocean floor environment alone. A surprising amount of stress for its price.

I certainly did not read that implication into the title, so it's entirely possible that the author didn't mean it.

[jodrellblank]

- camera module found, was there photo/video/audio of the disaster? (no)

- thing survived ocean depths, unexpectedly.

Without either of those, what did you read into the title? "Part of wreckage found at wreckage site"? And you still clicked?

[Spooky23]

That was a laugh I needed and I’m using that in the future. The timing was perfect and I lost some coffee. Thank you!

[account42]

The title of TFA is clickbait - it tries to make it sound like the memory card itself withstood extreme pressures.

[nxobject]

If the encryption was that easy to bypass, was it worth it at all?

[phire]

The manufacturer didn’t even know encryption was enabled, because as long as the camera was working, it would just provide all files over USB without any encryption.

It was basically enabled by accident, and the only thing it prevented was recovery of files directly from the SD card when the camera was damaged.

[astrange]

There are some reasons you'd want to encrypt even without a secret key. One is it makes it easier to erase data (just erase the key).

It also makes bit flip errors a lot more obvious, which is another way of saying harder to ignore, so that can go either way.

[ranger_danger]

Can't bit flip errors also destroy encrypted volumes much more easily?

[dgoldstein0]

I think it depends. Encrypted filesystems typically encrypt contents of each file separately - that way you don't need to read / write the whole disk to read it write any individual file contents. Of course that means metadata may be in plain text or may be separately encrypted - again possibly folder by folder instead of all metadata at once. Exact details would vary with different file system encryption schemes.

Whereas if you image the disk and encrypt the image properly, that gives you all the great confidentially guarantees but no random access.

[astrange]

> Encrypted filesystems typically encrypt contents of each file separately - that way you don't need to read / write the whole disk to read it write any individual file contents.

Ah, that's not true of "full disk encryption". It usually encrypts the disk blocks.

File-based encryption is stronger; you can use different protection classes on different files, you can use authenticated encryption, etc. iOS does it this way and I assume other systems have caught up, but don't know any in particular.

[tliltocatl]

File-based encryption leaks metadata (which in some cases is bad enough to render it unusable).

[cyphar]

Most FDE systems are not authenticated so you would only lose one block (16 bytes for AES). Can this be bad? Yeah, but it's not that bad for data recovery.

[cyphar]

Not to mention that most drives start having issues with dead sectors rather than bitflips, and that's (usually) 4K.

[shim__]

Encryption does not make bit flips obivous, authenticated encryption would.

[rawling]

A single bit flip would mess up the block, and hopefully the rest of the stream and the padding, no?

[MattPalmer1086]

Most unauthenticated encryption modes only mess up a few bits of a block, sometimes the following block too. A few only flip the exact bit in the plaintext.

[anakaine]

Sure. If the card was recovered without the camera motherboard then the decryption key would not have been recovered.

[trenchpilgrim]

Stealing a camera is much harder than stealing an SD card out of a camera.

[Y_Y]

Citation needed. It might be slightly easier, but most cases where you can get part of the camera, you can get the whole camera. This isn't a little point-and-click with a handy spring-loaded slot either.

[trenchpilgrim]

Yeah but the Camera's owner is much more likely to notice "my camera is missing" than "the SD card is blank for some reason... the SD card must have failed"

EDIT: The linked PDF has a photo, the camera literally opens up to access the SD card.

[Y_Y]

The camera's (former) owner may very well notice, but that will have little effect. It's much more common that cameras (security, photography, phones) get stolen with cards inside, rather than someone extracting the card and leaving the camera.

[trenchpilgrim]

This is professional equipment, used for surveys. Think espionage, not consumer hardware.

[Forgeties79]

Worth mentioning that I would immediately know if a different SD card was in my camera the moment I turned it on or ejected the card. If somebody knew to buy the same exact model and storage size that would be truly impressive.

[ZiiS]

Industrial espionage is far far more often done by hard work then being clever. Checking the SD cards you use and buying matching ones before executing a swap isn't noteworthy.

[Fnoord]

0. They were too cheap to use an industrial grade SD. Mind boggling.

[jychang]

If you read the article, the SD card was placed there by the camera manufacturer and then the device was sealed so it would withstand pressure, and then sold to divers. Blame the camera manufacturer's engineers.

Seems like the SD card of all things performed just fine, so it hardly seems like the weak point.

[ahoka]

They are surprisingly resilient! There was a blog post a couple of years ago by someone who found a digital camera in the sea which must have been in the water for months. The author could look at the photos to see if they can find the original owner of the camera.