Study: Nearly Impossible to Delete Data on SSDs
Researchers have discovered that many SSDs don't erase all the stored physical data.
During the FAST-11 Conference in San Jose last week, researchers from the University of California at San Diego presented a paper revealing that it's nearly impossible to erase data from a solid state drive. Called "Reliably Erasing Data from Flash-Based Solid State Drives (pdf)," the study essentially blamed the Flash Translation Layer firmware interface for the way it manages data on the NAND chips, and the unpredictable nature of those very same NAND chips.
As the paper states, flash media is divided into pages and blocks. Program operations apply to pages and can only change ones (1s) to zeros (0s). Erase operations apply to blocks and set all the bits in a block to 1. Unlike physical hard drives, this makes it impossible to perform an in-place update. Thus, the FTL will write new data in a completely different area of the SSD and erase the old "left over" data (or digital remnants) whenever the disk is not in use. The problem is that it takes a long time to physically erase the data.
"Since in-place updates are not possible in SSDs, the overwrite-based erasure techniques that work well for hard drives may not work properly for SSDs," the paper reads. "Those techniques assume that overwriting a portion of the logical block address (LBA) space results in overwriting the same physical media that stored the original data. Overwriting data on an SSD results in logical sanitization (i.e., the data is not retrievable via the SATA or SCSI interface) but not digital sanitization."
The researchers tested twelve SSDs by using the built-in "Erase Unit" command. After completion, four were found to be completely void of physical data. One drive reported to be entirely clean, yet the researchers were able to access all of its "erased" data. Overwriting entire SSDs proved more successful in a separate test, with one out of eight drives showing 100-percent data deletion. Two were completely cleaned after two passes, and one still contained 1-percent of the old data after 20 passes. The other four took more than 58 hours to overwrite the data just once.
The researchers also discovered that erasing a single file proved to be just as flawed. "All single-file overwrite sanitization protocols failed: between 4 and 75-percent of the files’ contents remained on the SATA SSDs," the paper reads. "USB drives performed no better: between 0.57 and 84.9-percent of the data remained." Overwriting the free space and defragmenting the drive to "encourage" the FTL to reuse more physical storage locations proved to be ineffective.
The researchers concluded the paper by saying built-in sanitize commands are effective when implemented correctly. Software techniques to clean the entire SSD work most of the time, but are not effective when deleting individual files. The researchers have submitted three "simple" extensions to an existing FTL that should make SSDs completely erasable in the future.
To learn more about the researchers' findings, read the PDF document here.
- Blizzard ''Struggling'' to Launch Marketplace?
- HP Announces 10 New EliteBook and ProBooks
- Intel's Got a Special Event Planned for Tomorrow
- New Samsung DRAM Boasts of 12.8GB/s Transfers
- MacBook Pros to Launch on Steve Jobs' Birthday?
- Lenovo Launches Six New ThinkPad Notebooks
- Report: HP TouchPad to Go on Sale in April
- Windows 7 SP1 Released, Available for Download
- U.S. Military Cyber Chief Calls For Cyber Force
- Apple to Name Intel's Light Peak as 'Thunderbolt'
- AMD to Bump Out Nvidia for New MacBook Pros?
- Apple Store Goes Down, New MacBooks Inbound?
- The Hottest Apps of 2011, Week 8!
- New MacBook Pros Gain Thunderbolt, Goes AMD
- Deals of Day: Radeon HD 5870 & HP TouchSmart
- Intel Launches Light Peak Tech as ''Thunderbolt''
- Researchers Cram Computer on Pen Tip
- Gearbox Credits All Involved with DNF's History
I love when researchers catch this things. I'm glad to know someone is looking for every possible feature and flaw for the devices we use.
They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.
I currently use a SSD and this news doesn't concern me at all.
how about just getting total drive encryption instead.
The solution is in your logo... Tom's.
The solution is in your logo... Tom's.
after that, 4 seconds in a microwave should render ALL the remaining bits useless....
This will stop people from buying used ones then.
They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.
i would just like to point this out. old child *ehem is bad, no question about that, 99%+ of the time, because the children were R'ed.
however new applications of child *ehem laws make an 8 year old who gets their hands on a digital camera and takes a picture of themselves, it labels them a child *ehemographer
now how does this apply to you?
lets say that a someone between 15-17 takes a nude of themselves, and this is common, that is considered child *ehem, now lets say that you honestly cant tell, and unless you are a doctor who knows what they are looking for in bone structure, you probably honestly cant tell. would you want to go to jail for child *ehem because some almost adult took a nude of themselves and you cant tell? this happens FAR more often than you may realism, not the jail part, but profecionals getting tricked by underage. i believe its a 1985 issue of a famous magazine with the bunny, had a 15 year old as their centerfold, if not more.
can you really say that all the *ehem on your computer is 100% all over 18? i can hope all of mine is, but if i ever know without a shadow of a doubt that it isnt, i want to make damn sure the picture is gone and is never coming back.
If you really want to erase all the data on your SSD (or HDD for that matter) so no one can get to it there's a simple tool to do so.... a hammer.
DBAN
http://www.dban.org/
Done.
If you really want to erase all the data on your SSD (or HDD for that matter) so no one can get to it there's a simple tool to do so.... a hammer.
Lol right!
Interesting, so SSDs are not implementing the ATA Secure Erase command properly.
The best data eraser I have is in front of a nice sofa set and we regularly feed chopped logs into it, especially in winter.
Interesting, so SSDs are not implementing the ATA Secure Erase command properly.
probably due to limited rewrite capabilities.
Hammers always work.
They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.
While I agree it's useful in this case, being able to wipe drive is extremely important in corporate/government settings.
What if the government were developing a super-secret new weapon, and needed to upgrade the computers. If someone picked this drive up out of the trash, managed to recover 75% of the data, that means they have 75% of the plans to the death-star or whatever.
Now, the government usually is pretty rigorous about destroying stuff like this, but what about microsoft? What if a somewhat tech-minded janitor at MS HQ was royally screwed at some point and out for revenge? He'd pick up old drives as they were discarded. Eventually he'd find something useful and bam. MS's new code just got leaked to the puclic or sold to the highest bidder.
They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.
Nah, I'd rather the SSDs be able to erase data properly. Besides, criminals and kiddie pervs do a pretty good job of shooting themselves in the foot on a regular basis.
I read some of these comments like joytech22's & he should read this article once again...If you read properly,it said that they change the data from 1's to 0's for page & change 0's to 1's for the block area...So all data has not been erased,but changed to read something different...
Anyway I have bought 2 SSD's lately,but where pondering on where to use them online...I think I will stick to offline testing & see how effective they are first in speeding up the SSD's...Any thing online can cause your computer to slow down,so I will do it offline...
One more thing that I forgot to mention is which are the four SSD brand names and models that do the successfull job of erasing totally & also for what operating systems and whether for x32 bit and/or x64 bit...
They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.
porn
All you's want to talk about is porn,but I am wondering about the effectiveness of the cleaning utilities in doing a proper clean up job so that the SSD's will keep their speed up and not slow down...
Don't buy a SSD and not worry about it.
They should keep SSD's like this, that way if somebody does something dodgy like child *ehem, can't say that word here* then the authorities can take care of them the old fashioned way.I currently use a SSD and this news doesn't concern me at all.
I'd rather have complete control over my data.
screw the hammer. whip that sucker on the ground as hard as you can and have some fun.
The company I work for uses a hard drive shredder for old drives. Never seen an SSD go through one but it should make quick work of it. Pretty cool seeing a drive shredded like a piece of papper.
Considering the nature of SSDs I've suspected this. Even so, if you're worried about security you should encrypt the drive, and with your done with it use a hammer
Just blend the whole SSD(or just the PCB) to become sand...
who cares...have nothing to worry about
Hammers, microwaves, and fireplaces are all well and good if you want to totally destroy your own hardware out of paranoia or boredom. What about regular home or business users that simply want to delete sensitive information and make sure it's gone for good? The fact that you can't even erase single files with any level of confidence is quite alarming. The fact that USB flash drives and I'm assuming many many SD Cards have this same problem make it even worse.
The argument that we could catch kiddie porn offenders by making every consumer SSD purposely keep deleted data is INSANE! Seriously think about that suggestion. Make it easy to recover anyone's personal info so you can catch a few bad guys?
I have done data recovery for a number of customers who have deleted photos from the SD card in their camera or cell phone and can confirm that sometimes 2 or 3 generations of prior files can be recovered...if not completely than at least partially. I never considered SSD's having this same inherent problem but it does make since.
Luckily it seems that a few added instructions to the FTL firmware can make this problem null and void. I'd like this implemented immediately on any NAND based devices I would ever use for personal info...flash drives especially. Recovering accidentally deleted photos from a camera is all well and good but with more and more people using an SSD for their Windows boot drive, the security risks with being unable to securely erase files is bonkers IMO.
I remembered of Recycle Bin, reminded how fast it is to send 10 GB of files top recycle bin without emptying it.
Is the image of a Samsung product just representative of an SSD in general or are Samsung SSDs one of the products in question?
(sorry, posted this before but realised my mistake when it was on the UK portal.)