Print 43 comment(s) - last by mindless1.. on Feb 26 at 10:51 AM

SSDs may be the key to snappy performance on laptops and desktops, but they also create security risks due to their inability to be fully wiped with present technology. Better encrypt that data!  (Source: Gear Diary)
Revelation could prove a nightmare to careless businesses and individuals

Businesses and government offices are constantly replacing computers and buying new hardware.  Typically when this is done, data on the hard drives of the defunct machines is wiped, lest it fall into the wrong hands.

However, an intriguing study [press release] by researchers at the University of California San Diego (UCSD) reveals that businesses thinking they've wiped NAND thumb drives or NAND solid-state drives (SSDs) may be in for a surprise.

Every time you write to a hard drive -- be it magnetic disk or NAND -- you make semi-permanent changes that persist until you overwrite that block of memory.  When you delete files on your computer, you typically are merely deleting the indexes of the files.  The actual data persists on the drive until you overwrite it.

Over a dozen methods have been worked out to try to fully overwrite data on a magnetic hard drive and permanently erase any traces of the drive's original contents.  Researchers tried those methods on flash drives and discovered that, at best, they left 10 MB of every 100 MB file intact.

To study how successful the data destruction was, the researchers took apart an SSD.  Rather than check the Flash Translation Layer (FTL), which would merely show data as indexed by the drive, they actually sliced out the physical chips and queried them via their pins.  This allowed them to test the data status at the lowest level.

The findings might shock some, but came as little surprise to the researchers who expected magnetic drive techniques to work less than optimally for SSDs.  

Some of the techniques attempted, such as Gutman's 35-pass method, Schneier 7-pass method, erased as much as 90 percent of data successfully.  But other techniques, like using pseudorandom numbers to overwrite data on the chip or using a British HMG IS5 baseline, left virtually the entire file intact.

Researchers Laura Grupp and Michael Wei comment, "Our results show that naïvely applying techniques designed for sanitizing hard drives on SSDs, such as overwriting and using built-in secure erase commands is unreliable and sometimes results in all the data remaining intact. Furthermore, our results also show that sanitizing single files on an SSD is much more difficult than on a traditional hard drive."

Of course, if you encrypt all the data on the SSD to start, you make it harder to access.  The researchers note this and suggest that to completely prevent data loss, users then destroy their keys and use new technology to directly overwrite all of the drive's pages.

Chester Wisniewski, a senior security advisor for Sophos Canada, blogged on the study praising its accuracy.  He writes, "To properly secure data and take advantage of the performance benefits that SSDs offer, you should always encrypt the entire disk and do so as soon as the operating system is installed... [S]ecurely erasing SSDs after they have been used unencrypted is very difficult, and may be impossible in some cases."

These results are not only troubling for business and government users, but for home users as well.  You have plenty of things to worry about falling into the wrong hands -- personal emails from your family; credit card records; medical records; and other private info.  At present, you can't be 100 percent sure you can securely dispose of SSDs with this kind of information, but by using encryption you can reduce the likelihood of someone get your information to almost zero. 

According to a recent iSuppli report, only 2 percent of laptops currently carry SSDs.  However, iSuppli predicts that by 2014, that total will rise to 8 percent.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By quiksilvr on 2/22/2011 10:39:42 AM , Rating: 0
I can never recover lost data on my USB flash drive because it's...flash. Once you delete it, it isn't just waiting there to be overwritten by something else, it just disappears.

So let me get this straight. If you delete a file just once on flash, it isn't recoverable (at least, not with the software I use), but it's still there. But if I delete it on a hard drive, its recoverable and completely erasable....What?!

RE: But....
By XZerg on 2/22/2011 10:58:15 AM , Rating: 5
Just because you delete a file does not mean they are wiped from the drive for either. They are just removed from the file allocation table (just entry where to look for the file is deleted and so the OS no longer knows the file exists). The data is still in tact and remains so until it is overwritten.

RE: But....
By gamerk2 on 2/22/2011 11:03:52 AM , Rating: 2
Correct. When you delete a file, you are only deleting the index to that file. The location where the data is stored is not changed in any way until something else overwrites it.

RE: But....
By fake01 on 2/22/2011 11:38:37 AM , Rating: 2
Don't SSD manufacturers have their own wipe programs that actually wipe the SSD's unlike normal wipe programs?

But speaking of deleting and recovering, I remember when my 250GB HDD died. I used Photorec to recover all the data from it and over 350GB of data was recovered. Yet it was only a 250GB HDD. I'm still trying to work out how that was even possible.

It even recovered data that was present after several formats and new OS installations, although most was corrupts or incomplete.

RE: But....
By mooty on 2/22/2011 11:45:59 AM , Rating: 2
Because the software was trying to follow every possible chain it found on the disk, even if the blocks in the chain were long since overwritten. There wasn't actually 350GB data on the 250GB HDD, just the software read parts of the data multiple times.

RE: But....
By melgross on 2/22/2011 12:28:04 PM , Rating: 2
In addition, a large amount of data is compressed. It's possible that upon recovery, that data was decompressed. If you look into the OS itself, for example, you‘ll find classes that are zipped. They're kept that way until needed, then unzipped, and then zipped again so that you aren't aware it's being done.

RE: But....
By GuinnessKMF on 2/22/2011 11:32:45 AM , Rating: 2
Software you use != pulling the individual silicone and addressing it directly. It doesn't just disappear because it's flash, these guys are talking about high level data recovery used in corporate espionage, hell I think one of the security papers reported on on this site had to do with being able to recover passwords from a stolen laptop by freezing the ram so that it could be unplugged and analyzed without the memory state being changed.

These aren't standard data recovery methods.

RE: But....
By AnnihilatorX on 2/22/2011 11:58:18 AM , Rating: 4
Try this experiment yourself

Delete a file from your USB stick.
Do not do any other file writes on the USB disk.
Use software like FreeUndelete and search for deleted files, I can gaurantee you that it can be recovered

You can recover it because when you delete stuff, only the index to where the file located on disk is deleted, the actual data is not overwritten and hence still there. Programs like FreeUndelete searches for all empty spaces to find valid files.

RE: But....
By ShaolinSoccer on 2/22/2011 11:24:09 PM , Rating: 2
FreeUndelete doesn't seem to work too good. Not even for something I deleted then immediately ran the program. There are tons of stuff it should've found but never did. I have 30GB of space left over on the drive it scanned and I know I deleted about 2GB's of stuff yesterday that it never found. And I haven't installed or downloaded 2GB's of data since yesterday.

"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki