Study: Nearly Impossible to Delete Data on SSDs
Researchers have discovered that many SSDs don't erase all the stored physical data.
During the FAST-11 Conference in San Jose last week, researchers from the University of California at San Diego presented a paper revealing that it's nearly impossible to erase data from a solid state drive. Called "Reliably Erasing Data from Flash-Based Solid State Drives (pdf)," the study essentially blamed the Flash Translation Layer firmware interface for the way it manages data on the NAND chips, and the unpredictable nature of those very same NAND chips.
As the paper states, flash media is divided into pages and blocks. Program operations apply to pages and can only change ones (1s) to zeros (0s). Erase operations apply to blocks and set all the bits in a block to 1. Unlike physical hard drives, this makes it impossible to perform an in-place update. Thus, the FTL will write new data in a completely different area of the SSD and erase the old "left over" data (or digital remnants) whenever the disk is not in use. The problem is that it takes a long time to physically erase the data.
"Since in-place updates are not possible in SSDs, the overwrite-based erasure techniques that work well for hard drives may not work properly for SSDs," the paper reads. "Those techniques assume that overwriting a portion of the logical block address (LBA) space results in overwriting the same physical media that stored the original data. Overwriting data on an SSD results in logical sanitization (i.e., the data is not retrievable via the SATA or SCSI interface) but not digital sanitization."
The researchers tested twelve SSDs by using the built-in "Erase Unit" command. After completion, four were found to be completely void of physical data. One drive reported to be entirely clean, yet the researchers were able to access all of its "erased" data. Overwriting entire SSDs proved more successful in a separate test, with one out of eight drives showing 100-percent data deletion. Two were completely cleaned after two passes, and one still contained 1-percent of the old data after 20 passes. The other four took more than 58 hours to overwrite the data just once.
The researchers also discovered that erasing a single file proved to be just as flawed. "All single-file overwrite sanitization protocols failed: between 4 and 75-percent of the files’ contents remained on the SATA SSDs," the paper reads. "USB drives performed no better: between 0.57 and 84.9-percent of the data remained." Overwriting the free space and defragmenting the drive to "encourage" the FTL to reuse more physical storage locations proved to be ineffective.
The researchers concluded the paper by saying built-in sanitize commands are effective when implemented correctly. Software techniques to clean the entire SSD work most of the time, but are not effective when deleting individual files. The researchers have submitted three "simple" extensions to an existing FTL that should make SSDs completely erasable in the future.
To learn more about the researchers' findings, read the PDF document here.
I currently use a SSD and this news doesn't concern me at all.
after that, 4 seconds in a microwave should render ALL the remaining bits useless....
i would just like to point this out. old child *ehem is bad, no question about that, 99%+ of the time, because the children were R'ed.
however new applications of child *ehem laws make an 8 year old who gets their hands on a digital camera and takes a picture of themselves, it labels them a child *ehemographer
now how does this apply to you?
lets say that a someone between 15-17 takes a nude of themselves, and this is common, that is considered child *ehem, now lets say that you honestly cant tell, and unless you are a doctor who knows what they are looking for in bone structure, you probably honestly cant tell. would you want to go to jail for child *ehem because some almost adult took a nude of themselves and you cant tell? this happens FAR more often than you may realism, not the jail part, but profecionals getting tricked by underage. i believe its a 1985 issue of a famous magazine with the bunny, had a 15 year old as their centerfold, if not more.
can you really say that all the *ehem on your computer is 100% all over 18? i can hope all of mine is, but if i ever know without a shadow of a doubt that it isnt, i want to make damn sure the picture is gone and is never coming back.
http://www.dban.org/
Done.
Lol right!
probably due to limited rewrite capabilities.
While I agree it's useful in this case, being able to wipe drive is extremely important in corporate/government settings.
What if the government were developing a super-secret new weapon, and needed to upgrade the computers. If someone picked this drive up out of the trash, managed to recover 75% of the data, that means they have 75% of the plans to the death-star or whatever.
Now, the government usually is pretty rigorous about destroying stuff like this, but what about microsoft? What if a somewhat tech-minded janitor at MS HQ was royally screwed at some point and out for revenge? He'd pick up old drives as they were discarded. Eventually he'd find something useful and bam. MS's new code just got leaked to the puclic or sold to the highest bidder.
Nah, I'd rather the SSDs be able to erase data properly. Besides, criminals and kiddie pervs do a pretty good job of shooting themselves in the foot on a regular basis.
porn