Data remains on USB and Solid-State Hard Drives (SSDs) even after Secure Erase

New research shows that secure erase programs used on standard hard drives to wipe important data do not completely erase solid-state (SSD) drives and USB thumb drives. As much as 75 percent of the data could remain after a successful secure wipe.

SSD drives are being used more frequently now, especially as boot drives in laptops, because of their high speeds. But it looks like raw speed is not the only difference between them and standard hard drives.

According to The Register, the difference lies in the way that SSD and USB flash drives function. Unlike standard hard drives, which store a file in a single location, flash drives can keep multiple copies of the file and simply point to the latest version:

The difficulty of reliably wiping SSDs stems from their radically different internal design. Traditional ATA and SCSI hard drives employ magnetizing materials to write contents to a physical location that’s known as the LBA, or logical block address. SSDs, by contrast, use computer chips to store data digitally and employ an FTL, or flash translation layer, to manage the contents. When data is modified, the FTL frequently writes new files to a different location and updates its map to reflect the change.

According to scientists at the University of California at San Diego, different wiping techniques left varying levels of information behind. Up to 67% of data remained when using Mac’s OSX secure wipe. Up to 58% of data was recoverable when using British HMG IS5. Pseudorandom wipes were the worst: up to 75% of wiped data was recoverable.

When you run a secure wipe on a hard drive, the program will write data over top of the existing data to make sure it is unrecoverable. Random binary 0’s and 1’s are written over the existing ones, sometimes numerous times. This works very well, because the data is only located in one area of the drive. Because SSD drives could hold copies of the data in a couple of areas, only the active copy is securely erased, and the copies may go untouched and be fully recoverable.
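The behaviour described above can be reproduced with a small simulation. This is an added example, not code from the article or the researchers; the ToyFTL class, the page counts and the sample secret are all constructed for illustration and do not model any particular drive's firmware.

```python
import os

class ToyFTL:
    """Constructed toy model of a flash translation layer, not real firmware."""
    def __init__(self, physical_pages, logical_blocks):
        assert physical_pages > logical_blocks   # spare area the host cannot address
        self.flash = [None] * physical_pages     # raw flash pages (None = erased)
        self.lba_map = {}                        # LBA -> page holding the live copy
        self.free = list(range(physical_pages))
        self.logical_blocks = logical_blocks

    def write(self, lba, data):
        # Writes go out of place: a fresh page is used and the map is updated.
        if not self.free:
            self._reclaim()
        page = self.free.pop(0)
        self.flash[page] = data
        self.lba_map[lba] = page                 # the old page keeps its contents

    def _reclaim(self):
        # Garbage collection: erase pages the map no longer points to.
        live = set(self.lba_map.values())
        for page in range(len(self.flash)):
            if page not in live:
                self.flash[page] = None
                self.free.append(page)

    def read(self, lba):
        return self.flash[self.lba_map[lba]]

    def raw_pages(self):
        # What a chip-level read sees, bypassing the map.
        return [p for p in self.flash if p is not None]

def overwrite_wipe(ftl, passes=1):
    # Host-side "secure wipe": overwrite every logical block with random bytes.
    for _ in range(passes):
        for lba in range(ftl.logical_blocks):
            ftl.write(lba, os.urandom(16))

def wipe_and_check(passes=1):
    secret = b"CONSTRUCTED-SAMPLE-SECRET"        # constructed sample data
    ftl = ToyFTL(physical_pages=24, logical_blocks=8)
    for lba in range(ftl.logical_blocks):
        ftl.write(lba, b"old file contents")
    ftl.write(3, secret)                         # host updates the file at LBA 3
    overwrite_wipe(ftl, passes)
    via_host = any(ftl.read(l) == secret for l in range(ftl.logical_blocks))
    on_chips = secret in ftl.raw_pages()
    return via_host, on_chips

if __name__ == "__main__":
    print(wipe_and_check(1))
```

In this model the host can no longer read the secret through any logical block after the wipe, yet the stale page still holds it until the controller decides to reclaim that page, which the wiping program does not control.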

The scientists used a $1,000 device to recover the data, but a DIY version could be made for about $200. According to the article, SSD drives that store information in an encrypted form are much safer to use. This is something for companies to keep in mind when they go to use and discard SSD drives that contain critical data.

I am sure now that the need has surfaced for an SSD secure erase program, we will probably see several in the near future.

Computer Security Tool: High Speed SSD Based Password Cracker

According to The Register, a new SSD-based password cracker claims to be 500 times faster than the Russian Elcomsoft tool.

Swiss security firm Objectif Sécurité has found that password cracking tools optimized to work with Solid State Drives (SSDs) have achieved speeds up to 100 times quicker than previously possible. An SSD is a high speed hard drive that uses solid state memory instead of traditional magnetic platters and a read/write head. Being a fully electronic solution, it can process data much faster than a mechanical hard drive.

“After optimising its rainbow tables of password hashes to make use of SSDs was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. Objectif Sécurité’s Philippe Oechslin told Heise Security that the result was 100 times faster than possible with their old 8GB Rainbow Tables for XP hashes.”

This technique is claimed to be 500 times faster than the tool from Russian company Elcomsoft, which uses Nvidia graphics card memory to aid in cracking. It appears that it is the hard drive and not RAM speed that is the bottleneck in password hash lookups.

Read the full article at The Register.