Swanson proposed another possible use of the technology: to prevent counterfeiting of devices such as cellphones and tablets that contain flash. It could also be used by governments to determine whether spies had swapped an official's phone with a seemingly identical one that is bugged, he said.

Testing flash silicon as a proxy for an entire device provides an authentication technique that doesn't require any hardware changes, Swanson said. It only requires firmware and an infrastructure for testing devices at key points in the supply chain, he said.

"I think if someone wanted to do this, they could do it now," Swanson said. The technology could be licensed to manufacturers, who would create a database of results for each of the chips that ships out of the factory. No manufacturers have approached Swanson's team yet, he said. The research was first presented last month.

The system uses "physically unclonable functions" (PUFs), or variations in manufacturing that are unique to each element of each flash chip. Swanson described one PUF that his team has worked with, called Program Disturb. It uses a type of manufacturing flaw that doesn't affect normal operation but causes problems under test conditions.

Data is written and erased from NAND flash through changes in the states of each cell, which are applied by sending a voltage through the cell. If a cell is rewritten many times in a row, the voltage can bleed into an adjacent cell so much that the adjacent cell also changes its state. The order in which cells are modified prevents this from happening in normal operation, Swanson said.