The Nightmare of Undead Data

A few weeks ago, I called a junk removal company to clean out my attic. I was surprised to find so many old computers buried under mounds of old magazines and clothing. I found four laptops (one Toshiba that I cannot recall ever using); four desktops (including a Macintosh II from 1987, a Macintosh Performa from the late 90s, and a working Brand X machine); six CRT monitors; and three printers. The Brand X desktop is a Windows 95 machine from 1999 that still boots and runs fine, so I am going to try converting it into a Linux test box. The others, for one reason or another, did not work and were trashed.

Data in discarded computers can pose a serious security risk if not disposed of properly. Since some of these systems had been used for business purposes, or held sensitive personal information, I decided to physically destroy the hard drives. This turned out to be easier said than done. The desktop drives (except the Performa’s) were easy to remove and destroy. However, the old laptops required a lot more effort. The drive in the Apple PowerBook G4 proved to be indestructible, so it is still sitting on my desk.

Having spent the better part of a workday taking apart old computers and destroying hard drives, I was intrigued when I later came across a paper by Michael Wei, et al. presented in February 2011 at the USENIX Conference on File and Storage Technologies. The paper, “Reliably Erasing Data From Flash-Based Solid State Drives,” describes the authors’ attempts to erase either an entire solid-state drive (SSD) or to delete a single file from a SSD or USB flash drive. Solid-state drives are routinely found in cell phones and tablet computers. Since they are faster and use less energy than traditional hard drives, they are becoming a popular choice for laptops and desktops as well as network storage.

Whole-Drive Erasure Test Results
The authors used a very simple testing process. Three methods were tried for erasing entire drives: the ATA “Erase Unit” command (part of the interface specification for ATA drives); using software to overwrite the data on the drive; and degaussing. After applying each erasure method, the drives were taken apart and accessed directly to see if they retained any of the original data. Twelve solid-state drives were used to test each method.

Four of the drives tested did not support the basic ATA security “Erase Unit” command. Of the remaining eight drives, four were successfully cleansed, and four retained data. However, one of the four drives that retained data misleadingly reported that the erasure had been successful. Thus, only four of the eight drives reliably supported the ATA security commands.

Attempts to sanitize the drives using the overwrite method were not encouraging. Results are given for the eight drives that did not use encryption.  Three drives were efficiently sanitized with one or two overwrite passes. Another one contained 1% of the test data after 20 overwrite passes.   The bad news is that the four remaining drives required between 58 to 140 hours to perform two overwrite passes.  Degaussing had no effect on any of the drives. Clearly, if the goal is to sanitize an entire drive, overwriting is the most reliable method – although it is far from perfect.

Single-File Erasure Tests
Both solid-state drives and USB flash drives were used to measure single-file overwrite reliability. The overwriting schemes that worked for an entire drive were completely unreliable for single files– even using military protocols. The best performing protocol, US Department of Defense 5220.22-M, left as much as 4.1% of the data intact on a solid-state drive and 8.9% intact on a USB flash drive. The worst performing sanitization protocols left up to 58.3% of the data on a solid-state drive and 84.9% on a USB drive.  These results are just plain scary!

It seems that we need to add one more fear to our list of concerns about HIPAA violations and data breaches–data that will not die despite your best efforts. The unreliable nature of solid-state and USB flash drive erasures, especially for single files, creates a new security nightmare for everyone–“undead” data. Just a little something to think about as you try to drift off to sleep.

(For those who would like to see Mr. Wei’s presentation, here is a YouTube link.)



Leave a Reply

Your email address will not be published. Required fields are marked *