Data Remains on USB and SSDs After Secure Erase

Tuesday, March 01, 2011

Dan Dieterle

B64e021126c832bb29ec9fa988155eaf

New research shows that secure erase programs used on standard hard drives to wipe important data do not completely erase solid-state (SSD) drives and USB thumb drives. As much as 75 percent of the data could remain after a successful secure wipe.

SSD drives are being used more frequently now, especially as boot drives in laptops, because of their high speeds. But it looks like raw speed is not the only difference between them and standard hard drives.

According to The Register, the difference lies in the way that SSD and USB flash drives function. Unlike standard hard drives that store the file in a single location, flash drives can make multiple copies of the file on the flash drive and just points to the latest version:

The difficulty of reliably wiping SSDs stems from their radically different internal design. Traditional ATA and SCSI hard drives employ magnetizing materials to write contents to a physical location that’s known as the LBA, or logical block address. SSDs, by contrast, use computer chips to store data digitally and employ an FTL, or flash translation later, to manage the contents. When data is modified, the FTL frequently writes new files to a different location and updates its map to reflect the change.

According to scientists at the University of California at San Diego, different wiping techniques left varying levels of information behind. Up to 67% of data remained when using Mac’s OSX secure wipe.

Up to 58% of data was recoverable when using British HMG IS5. Pseudorandom wipes were the worse, up to 75% of wiped data was recoverable.

When you run a secure wipe on a hard drive, the program will write data over top of the existing data to make sure it is unrecoverable. Random binary 0′s and 1′s are written over the existing ones, sometimes numerous times.

This works very well, because the data is only located in one area of the drive. Because SSD drives could hold copies of the data in a couple of areas, only the active copy is securely erased, and the copies may go untouched and be fully recoverable.

The scientists used a $1,000 device to recover the data, but a DIY version could be made for about $200. According to the article, SSD drives that store information in an encrypted form are much safer to use.

This is something for companies to keep in mind when they go to use and discard SSD drives that contain critical data.

I am sure now that the need has surfaced for a SSD secure erase program, we will probably see several in the near future. 

Cross-posted from Cyber Arms

Possibly Related Articles:
18988
Breaches
data destruction USB Drives Data Management SSD Secure Erase
Post Rating I Like this!
Default-avatar
Maria Osipova At WinMagic we put forward the proposition that destroying or overwriting the encryption key on hard drives and solid state drives is a plausible and real way of sanitizing them. This method is commonly referred to in the industry as “crypto erase”. We've created a whitepaper that compares the traditional sanitization methods to the crypto erase method. Encrypting removable media should ensure that data can't be accessed by unauthorized users.
http://www.winmagic.com/kw/download.php?url=/whitepapers/WM_WhitePaper_Reduce_Cost_Ownership_of_Laptops_Desktops_20110127.pdf
1299794831
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.