TORONTO – Data is resilient.
The average consumer often panics when their PC gives them a blue screen of death or their smartphone dies, while enterprises equip their storage arrays with redundancy in case of primary storage media failure.
But if logical corruption and physical damage are not always enough to permanently destroy data, what does it take to absolutely purge a device of sensitive personal and corporate information when it's actually required?
Hard drives with spinning disks, for example, can still house data even after a head crash or damage from fire or flood. While the average user or business doesn't have the capability to restore this data, an experienced data recovery company can. Flash storage and SSDs function differently, but will also retain data even if a file is intentionally or accidentally deleted.
Magnetic media such as spinning disks are pretty uniform in how data is finally deleted regardless of device, Chris Bross, CTO at DriveSavers, tells me. Ultimately, information needs to be overwritten in order to be permanently banished from a hard drive. Reformatting a drive is not enough; data remains until it is replaced by new data, and there are tools that can accomplish this by writing ones, zeroes, and random null data over existing data to guarantee its demise.
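The difference between deleting, reformatting and overwriting can be shown with a toy model. The following Python sketch is an added illustration, not code from any tool or company named in this article; `ToyDisk`, its methods and the sample "secret" are hypothetical and constructed, and the model covers only a simple magnetic-style layout, not an SSD's controller.

```python
import os

BLOCK = 16  # bytes per block in this toy image (constructed value)

class ToyDisk:
    """Hypothetical model of a disk: raw byte image plus a file table."""

    def __init__(self, blocks=8):
        self.image = bytearray(blocks * BLOCK)
        self.table = {}      # file name -> (offset, length)
        self.next_free = 0   # next unallocated block

    def write_file(self, name, data):
        offset = self.next_free * BLOCK
        self.image[offset:offset + len(data)] = data
        self.table[name] = (offset, len(data))
        self.next_free += -(-len(data) // BLOCK)  # ceiling division

    def delete(self, name):
        del self.table[name]  # only the index entry goes; blocks are untouched

    def quick_format(self):
        self.table.clear()    # fresh, empty index over the same old blocks
        self.next_free = 0

    def overwrite(self, passes=(b"\xff", b"\x00", None)):
        n = len(self.image)
        for fill in passes:   # ones, zeroes, then random (None)
            self.image[:] = os.urandom(n) if fill is None else fill * n

    def recoverable(self, needle):
        return needle in self.image  # what a raw scan of the media would find


def demo():
    secret = b"PIN=0000 card=TEST-0000-0000"  # constructed sample data
    disk, found = ToyDisk(), {}
    disk.write_file("notes.txt", secret)
    disk.delete("notes.txt")
    found["after_delete"] = disk.recoverable(secret)
    disk.quick_format()
    found["after_format"] = disk.recoverable(secret)
    disk.write_file("new.txt", b"hello")  # new data replaces only 5 bytes
    found["tail_after_new_file"] = disk.recoverable(secret[5:])
    disk.overwrite()
    found["after_overwrite"] = disk.recoverable(secret[5:])
    return found


if __name__ == "__main__":
    print(demo())
```

In this model the secret survives both the delete and the reformat, most of it survives a small new file landing on the same blocks, and only the full overwrite removes it.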
However, flash and SSDs work differently, said Bross. There are several layers of abstraction between the operating system and the physical storage media. When a user deletes a file it is placed in the background and scheduled for "garbage collection" -- the SSD controller through its firmware will clean up the stale data. But the reason for garbage collection is to prepare pages at the physical layer to be rewritten with new data more quickly for better performance, he emphasizes, not security.
The upside is there is a window in which accidentally deleted files can be retrieved, but the downside is data on a lost or recycled phone may still linger. What further compounds this problem is different operating systems handle data and security differently -- Apple's iOS versus Google Android, for example.
Bross cited security software firm Avast's recent demonstration of how ineffective Android's factory reset function is by purchasing 20 Android smartphones from eBay and easily recovering as many as 40,000 photos, 750 emails and text messages, as well as 250 contacts. Even worse, it was able to derive the identities of four owners. Apple, he said, makes it tougher for deleted files to be recovered.
That being said, WonderShare just released the latest version of its SafeEraser software for iOS phones and tablets, which users can download to their Mac or PC to interface with their device to confidently destroy data -- even data they had deleted on the device, including texts and photos, according to the company's senior product marketing specialist Bijan Raiszadeh.
A factory reset is not enough, he said. "People don't understand the gravity of it." Recycled phones often end up in Asia and are purchased by "data cartels" who mine the devices for sensitive data related to identity and financial records. "It's quite alarming."
SafeEraser 3.0 permanently deletes private data from Apple devices so that it is 100% unrecoverable to military grade standards, Raiszadeh said, as well as cleaning unused files to optimize the device.
Lost or stolen personal devices that have recoverable data have an impact on enterprises, said Scott Sinclair, analyst with Enterprise Strategy Group, thanks to the BYOD phenomenon. It's not just the owner's data at risk, but sensitive corporate data, which means businesses need tools to remotely manage and wipe either corporate-owned devices or employee-owned devices used to access business data.
Two separate threats to mobile devices were just recently revealed by security researchers that could jeopardize the world's more than 2 billion smartphones, including Apple, Google Android, and BlackBerry devices. One puts them at risk for stolen data, including password theft, and even allows hackers to gain control of the devices, according to security firm Accuvant. Meanwhile, Bluebox Security identified a threat affecting up to three-quarters of devices running older Android software that allows malicious applications to fool legitimate software from Adobe and others without the user knowing.
SSD makers, meanwhile, have been focusing on adding hardware encryption to SSDs for enterprise environments.
In the meantime, resist the urge to panic the next time your screen goes blue or your phone dies. There's a good chance the data is still there. Save your worry for when your device gets lost or stolen, and keep your fingers crossed that garbage collection kicks in quickly.