A fake SSD can copy the label. It has a harder time copying the evidence.
A counterfeit “Samsung 990 Pro” can arrive with a flawless label, the right name, even the right capacity — and still be a slow drive wearing a borrowed identity. With flash prices spiking in 2026, here’s what your Mac can actually read off a drive, and the honest limits of what any of it proves.
The short version
- Flash got expensive fast: TrendForce reports flash-memory contract prices rose sharply in the first half of 2026 (SLC NAND a reported 130–150%) — and expensive real flash makes counterfeits more profitable.
- A counterfeit’s label is the easy part to copy; its behavior and self-reported identity are harder. CrystalDiskInfo 9.9.0 (2026-05-18) added a
[FAKE]tag for counterfeit Samsung SSDs by reading the firmware string and PCI vendor ID. - In a separate reported case, a fake 990 Pro looked right on the label but ran at a reported ~10–20 MB/s and reported PCIe 3.0 where a real one is PCIe 4.0.
- On a Mac you can read a drive’s model, firmware, serial, link, and (sometimes) SMART wear — useful evidence, never an authenticity verdict.
- Honest limit: CoreGuard observes and explains that evidence; it does not detect counterfeits or certify a drive as genuine. Only the maker’s tools and support can do that.
Here is the uncomfortable thing about a counterfeit SSD: the part you look at is the part that’s easiest to fake. The sticker, the model name, the box, even the capacity the drive claims — all cheap to copy. What’s expensive to fake is the thing you can’t see by looking: a real controller, real flash, and a drive that does what it says under sustained load.
That gap is the whole story. And in 2026 it matters more than usual, because the economics just tilted hard toward making fakes.
Why fakes spread when flash gets expensive
Real NAND flash got a lot more expensive this year. TrendForce reported on June 16, 2026 that SLC NAND contract prices surged a reported 130–150% in the first half of 2026, with another reported 70–75% possible in the second half; NOR flash rose a reported 100–120%. Their explanation: suppliers are steering capacity toward higher-value products like HBM and advanced 3D NAND, leaving the mature-node flash squeezed, with no major capacity expansions announced. Those headline figures are SLC NAND and NOR flash specifically — a market-wide tightening signal more than the exact TLC NAND inside a consumer 990 Pro — but a squeeze that broad ripples across the whole flash supply.
You don’t need to care about contract pricing to feel the consequence. When genuine flash gets pricey and scarce, two things follow: legitimate drives cost more, and counterfeiting them gets more profitable. A fake that puts a cheap controller and a smaller pile of low-grade flash behind a famous label has more margin to capture than ever. The deal that looks too good during a shortage is exactly the deal worth a second look.
Two Samsung 990 Pro stories, not one
It’s worth keeping two separate reported cases straight, because they fail differently and together they show how a fake leaks.
The detection-tool story. CrystalDiskInfo 9.9.0, released May 18, 2026, added one line to its changelog: “Added: [FAKE] label support for counterfeit Samsung SSDs.” As igor’sLAB reported, it flags a suspect Samsung drive by reading two self-reported fields: the firmware version string and the PCI vendor ID. In the documented example, a fake 990 Pro exposed a Maxio controller identity rather than Samsung’s, and a bogus firmware string reported as 8888888. Crucially, igor’sLAB frames it as a low-threshold warning — Samsung-only, and explicitly “not a replacement for full manufacturer verification.”
The near-perfect-clone story. Months earlier, Tom’s Hardware reported (Feb 2, 2026) on a fake 990 Pro good enough to pass a first glance: correct product name, the right 2 TB capacity, a normal-looking firmware string (0B2QJXD7), and a flawless label. It even looked fine in an initial check. The tells came from behavior and connection, not the sticker: it reportedly negotiated PCIe 3.0 where a genuine 990 Pro is a PCIe 4.0 drive, and it managed sequential speeds of a reported ~20 MB/s read and ~10 MB/s write — slower than an old USB 2.0 stick. It was bought for a reported ~$205 against roughly $300 retail, and Samsung’s own Magician tool finally flagged it as a counterfeit clone.
One fake gave itself away in the firmware string and controller ID. The other passed those checks and gave itself away the moment it had to actually move data. Different tells, same lesson: the label is not the drive.
To be careful with attribution: the Maxio controller and the 8888888 firmware belong to the CrystalDiskInfo case; the 0B2QJXD7 string, the PCIe-3.0 link, the ~10–20 MB/s speeds and the Samsung Magician verdict belong to the February case. They’re two drives, not one. And none of this says every cheap drive is fake — only that price is not evidence, and a label is not proof.
What a drive tells your computer about itself
When you plug in an NVMe SSD, the drive answers a standard set of questions about its own identity — the NVMe Identify Controller data. The fields that matter here:
- Model Number — the product-name string the drive reports (e.g. “Samsung SSD 990 PRO 2TB”).
- Firmware Revision — the controller’s firmware string.
- Serial Number — the drive’s claimed serial.
- PCI Vendor ID / Subsystem Vendor ID — who the device and subsystem say they’re made by.
The catch is in the word say. Every one of these is self-reported — a string the drive hands the host. It’s genuinely useful evidence, but it is not cryptographic proof, and a determined counterfeit can copy a model string as easily as it copies a sticker. What’s harder to fake convincingly is internal consistency: a drive that claims to be a Samsung 990 Pro but reports a third-party controller vendor is telling you two stories that don’t agree.
Where counterfeits leak evidence
Fakes tend to betray themselves in a handful of ways, and the honest framing for every one of them is the same: a single tell is a question, not a verdict.
Controller and vendor mismatch. A drive sold as a Samsung 990 Pro should not be built around a third-party controller. When the reported vendor path points somewhere Samsung wouldn’t ship, that’s a strong question.
A bogus firmware string. Something like 8888888 obviously isn’t a real Samsung revision. But the inverse doesn’t hold: a normal-looking string like 0B2QJXD7 doesn’t prove anything, because the February clone had one and was still fake.
Capacity lies. The controller can claim 2 TB while far less real flash sits underneath. A full write-then-read-back exposes that kind of fake, because once you exceed the real flash the old data wraps, corrupts, or errors out. Some counterfeits do carry the advertised capacity, though, so passing this test alone isn’t a clean bill of health.
Sustained-write collapse. Many cheap SSDs — and plenty of legitimate ones — write fast only while a small pseudo-SLC cache is empty. Once it fills, sustained writes can fall off a cliff. By itself that’s just a budget drive; paired with an identity mismatch, the wrong link generation, or an absurd price, the ~10–20 MB/s collapse in the reported case becomes part of a picture.
Impossible wear history. A drive sold as new that already reports meaningful Data Units Written or Power-On Hours is suspicious. So, sometimes, is one reporting suspiciously perfect zeros. Neither is proof; both belong in the inspection pile.
What you can actually check on a Mac
Here’s the practical part. macOS won’t hand you a “genuine” stamp, but it will show you a drive’s self-reported identity and, often, its wear — enough to see when the story doesn’t add up. Start here:
$ system_profiler SPNVMeDataType # model, firmware, serial, link
$ system_profiler SPStorageDataType # volumes, capacity, layout
$ diskutil list # find your disk (diskN)
$ sudo smartctl -a /dev/diskN # SMART: Data Units Written, Percentage Used, Power-On Hours
N/A; external and Intel drives show more. (Example readout.)system_profiler shows what the drive claims to be: model, firmware, serial, and the negotiated link. smartctl (from brew install smartmontools) reads NVMe SMART — Data Units Written, Percentage Used, Power-On Hours, temperature, media errors and warnings — when the drive or its USB bridge exposes them.
And the honest caveat, because I’d rather under-promise: on Apple Silicon, the internal SSD generally doesn’t expose full NVMe SMART through smartctl the way an external Thunderbolt NVMe drive or many Intel Macs do. USB enclosures vary — some hide the vendor and PCI details, or need bridge-specific handling. So “just run smartctl” is good advice that quietly does less on the exact machine a lot of people are reading this on. For an external or add-in drive, though, it reads plenty.
For the sustained-write reality check, write something bigger than a brief cache burst to the suspect drive — never your system disk, and only with a backup and free space — then watch whether the speed holds:
# on the SUSPECT external drive only, with a backup in place:
$ cd /Volumes/SuspectSSD
$ time dd if=/dev/zero of=ssd-write-test.bin bs=1024k count=51200 conv=fsync # ~50 GiB
$ rm ssd-write-test.bin
If a “PCIe 4.0” drive sustains USB-2 speeds once the cache is gone, that’s a real signal. It is still a reality check, not an authenticity verdict. For Samsung specifically, the actual authenticity tools live on Windows: Samsung Magician and current CrystalDiskInfo. Run them if you can, and trust them over any general health app on the authenticity question — including ours.
Where CoreGuard fits — and where it doesn’t
This is the part where, after all that, I have to be straight about what CoreGuard does, because overclaiming here would be exactly the kind of thing this article is warning you about.
CoreGuard shows you the evidence; it does not render the verdict. It reads a drive’s health, its self-reported model and firmware, and its wear — and keeps a history of that wear instead of a single snapshot — so you can see when a “new” drive’s numbers don’t match its story. The SSD health verdict, the life-remaining percentage, the failing-or-worn-drive and full-disk danger warnings, the live monitoring with a kept history, and the disk-write anomaly warning are free, because knowing a drive is in trouble should never cost money. The deeper endurance detail — TBW / Data Units Written, power-on hours, raw SMART, the wear trend and “years left” estimate, the speed benchmark, the per-app write timeline and the exportable Condition Report — is the Pro tier. (Same honest caveat as above: where Apple Silicon doesn’t expose full SMART, CoreGuard shows what your hardware exposes and doesn’t pretend otherwise.)
Here’s the hard line, and I want it in plain text: CoreGuard does not detect counterfeit SSDs, does not certify a drive as genuine, does not replace Samsung Magician, and cannot predict a failure date. It is a passive diagnostic — it observes and explains, it never cleans, optimizes, or “speeds up” anything, and it never touches your files. What it gives you is the drive’s own evidence, in plain English, and the Condition Report as portable proof you can hand a seller or keep for a return — which, when a drive’s identity and behavior disagree, is often all you needed to make the call yourself.
CoreGuard isn’t out yet — the download and checkout go live shortly. Pro is a one-time $29 (Family $49), perpetual, not a subscription, with a 30-day money-back guarantee. Danger visibility is always free; Pro is the power tools and the portable proof, never the knowledge that something’s wrong.
What to do if the evidence looks wrong
If the identity and the behavior don’t line up, treat it as a dispute you need to win, not a fight you need to pick:
- Preserve the record. Keep the receipt, the listing, packaging photos, the serial label, and screenshots of what the tools showed.
- Stop trusting the drive with anything that isn’t already backed up — especially if a write-read test threw errors.
- Verify through the manufacturer. Run the maker’s own tool, and use the vendor’s serial/warranty check or support channel to confirm authenticity.
- Use the return window. A documented identity mismatch plus a manufacturer flag is a strong basis for a refund or chargeback.
- Keep it factual. Report the drive and the evidence; don’t publicly brand a specific seller or marketplace a fraudster on your own say-so. Let the evidence and the platform’s process do that work.
How to sanity-check an SSD on a Mac
- Record the provenance first: before installing, keep the receipt, the listing, packaging photos, and the serial-number label.
- Read the self-reported identity:
system_profiler SPNVMeDataTypeandSPStorageDataType— note model, firmware, serial, capacity, link. - Read SMART wear if exposed:
diskutil listto find the disk, thensudo smartctl -a /dev/diskN(afterbrew install smartmontools) — Data Units Written, Percentage Used, Power-On Hours, errors. - Mind the Apple-Silicon limit: internal M-series SSDs often don’t expose full SMART; external Thunderbolt/NVMe and many Intel drives do.
- Run a sustained write test on the suspect drive only (never your system disk; backup + free space first), and watch whether speed collapses after the cache fills.
- Confirm with the maker’s tools: for Samsung, check on Windows with Samsung Magician and current CrystalDiskInfo; if results conflict, stop using the drive for important data and contact Samsung support.
Frequently asked questions
How do I check if an SSD is fake on a Mac?
On a Mac you gather evidence rather than get a final verdict. Read the drive's model, firmware, serial and link info with system_profiler SPNVMeDataType, read SMART wear with smartctl from smartmontools where the drive exposes it, and run a large sustained write to see whether real-world speed collapses. A mismatch between the claimed identity and what the drive actually does is a red flag, but only the manufacturer's own tools and support can confirm authenticity.
Can CrystalDiskInfo detect fake Samsung SSDs?
CrystalDiskInfo 9.9.0 (released 2026-05-18) added a [FAKE] label for counterfeit Samsung SSDs, flagging them by checking the firmware string and PCI vendor ID. It is Windows software and Samsung-focused, and its own notes call it a low-threshold warning, not a replacement for full manufacturer verification or a general counterfeit scanner.
Can CoreGuard tell if my SSD is counterfeit?
No. CoreGuard observes and explains: it shows SSD health, wear, writes, raw SMART where available, and benchmark behavior, so you can see when a drive's claimed identity and its actual behavior do not line up. It does not certify a drive as genuine, call a drive a fake, or replace Samsung Magician. Authenticity is a manufacturer question.
Why does my Samsung 990 Pro show PCIe 3.0 instead of PCIe 4.0?
On a PC slot that supports PCIe 4.0, a genuine 990 Pro reporting only PCIe 3.0 can be a red flag — that mismatch was part of one reported counterfeit case. On a Mac, an external drive's link speed is often capped by the enclosure, adapter, cable, or port, so PCIe 3.0 there usually means the bridge, not a fake. Check the link the drive negotiates against what both the drive and the connection support.
What SMART values show SSD wear?
For NVMe, look at Data Units Written (host data written, reported in 512-byte units times 1000), Percentage Used (the drive's own estimate of consumed endurance), Power-On Hours, Available Spare, media errors and critical warnings. A drive sold as new that already shows high writes or hours is suspicious. Missing or zeroed wear data is common on Apple-Silicon internal SSDs and is not proof of anything by itself.
Is a cheap Samsung 990 Pro safe to buy?
A deep discount during a flash shortage is a risk signal, not proof of a fake. Buy from reputable channels, keep the receipt and packaging photos, record the serial, and verify a Samsung drive with Samsung Magician where you can. If the price is far below everyone else during a price spike, treat the drive as unproven until the evidence checks out.
Does a fast benchmark prove an SSD is genuine?
No. Some counterfeits look plausible in a short benchmark because a small pseudo-SLC cache absorbs the first few gigabytes quickly. Sustained writes past that cache, the controller identity, the negotiated link speed, the manufacturer's own tools, and the purchase provenance matter together. One good number proves nothing on its own.
A drive’s evidence beats its label.
CoreGuard reads your SSD’s health, wear, and self-reported identity — and keeps the history — so a “new” drive whose numbers don’t match its story can’t stay quiet. It observes and explains; it won’t certify a drive genuine or call one a fake — it shows you the evidence and gives you a Condition Report to act on.
launching soon · one-time purchase, not a subscription · 30-day money-back · local-only, zero telemetry
Sources & further reading
- TrendForce — NOR Flash & SLC NAND contract prices surged in 1H26 (2026-06-16)
- CrystalDiskInfo version history — 9.9.0 “[FAKE] label support for counterfeit Samsung SSDs” (2026-05-18)
- igor’sLAB — how CrystalDiskInfo 9.9.0 flags counterfeit Samsung SSDs (firmware + PCI vendor ID)
- Tom’s Hardware — fake Samsung 990 Pro passes basic checks but runs slower than USB 2.0 (2026-02-02)
- NVM Express — specifications (Identify Controller data structure)
- smartmontools — smartctl (read NVMe SMART: Data Units Written, Percentage Used)
Related reading