Solid-state drives (SSDs) are becoming popular replacements for hard drives, especially in laptops, but experts caution that SSDs aren't as secure as commonly thought.

SSDs offer better data security than traditional hard drives but they do not completely erase data and are vulnerable to physical hacks. The drives are gaining in popularity, particularly for use in laptops, because they consume less power and access data more quickly.

But many SSDs use industry-standard NAND flash chips designed for cameras and MP3 players, so they have no physical security hooks that prevent them from being removed from enclosures, says Jim Handy, director of Objective Analysis, a consulting firm. A hacker could unsolder NAND chips from an SSD and read the data using a flash chip programmer. Once the data is read, the files could be reassembled using data-recovery software. "There's really nothing sophisticated about this process," he says.

Another hack involves using an ultraviolet laser to wipe out lock bits-or encryption locks-from fuses on chips that secure SSDs, says a chip hacker who prefers to be called Bunnie and runs the blog site Bunnie Studios. Data arrays from SSDs can be read using standard means after the lock bits are wiped.

To lessen chances of hackers stealing data, encryption keys could be integrated inside the SSD controller device to handle disk encryption at the hardware level, says Craig Rawlings, marketing director at Kilopass, a vendor of products using extra permanent memory technology that stores keys in system-on-chip devices.