Sensitive data can be left behind on NAND flash

Researchers find SSDs harder to erase than hard drives

New research has found that erasing sensitive data on solid state hard drives (SSDs) is more problematic than with physical hard drives.

The researchers at the University of California presented research (pdf) at the USENIX conference which showed that SSD secure erase commands were ineffective at scrubbing sensitive data when need.

PhD students Michael Wei and Laura Grupp developed a hardware device to bypass the so-called ‘flash translation layer’ on SSDs to directly access the raw NAND chips in order to evaluate the success of ‘sanitisation’ techiques.

"Our results show that naïvely applying techniques designed for sanitizing hard drives on SSDs, such as overwriting and using built-in secure erase commands is unreliable and sometimes results in all the data remaining intact," the group wrote in the paper synopsis.

"Furthermore, our results also show that sanitizing single files on an SSD is much more difficult than on a traditional hard drive."

The researchers concluded that the increased complexity of SSD drives over hard drives meant that SSDs needed to provide verifiable santization operations. 

However it’s worth noting that the team did need to create a hardware device to bypass a component within SSD drives so the weakness in ‘sanitization’ is probably of most interest to corporate and government agencies rather than a serious end-user concern.

Check Also

Tiger launches Zoom Phone integration with advanced UC analytics and historic data retention features

A Zoom Phone module aimed at the hybrid remote workforce released by Tiger offers an …