One in Three Used Drives Not Secure

John Lister's picture

A data recovery firm says it found 3.1 million "deleted" files on a second-hand hard drive. It also found 35 percent of drives had readily-restorable files.

The experiment by Secure Data Recovery comes with an obvious warning. It's a company that helps people recover deleted or corrupted files from their own drives, so it has an interest in highlighting that such recovery is possible.

That said, in this experiment conducted for Tech Radar, the company only tackled those drives where recovering data proved a straightforward task. (Source: techradar.com)

This involved buying 100 hard drives, all of which were traditional models with moving parts rather than solid state drives. The company says that 35 of the drives had easily recovered "deleted" files. Of the rest, 30 were damaged enough that they'd have required additional steps.

One In Three Secure

A further 34 were classed as sanitized. That means either they had no data, or that the drives had been overwritten with random, meaningless data. The Department of Defense recommends doing this three times to get an acceptable level security. Just one of the hundred drives had been encrypted before being sold.

Among the 35 drives with readily recoverable data, one stood out with 3.1 million recovered files. The rest had a combined 2.6 million files, meaning an average of more than 75,000.

Unfortunately this is far from a new problem. News reports dating back at least 18 years include similar experiments with similar results. One high profile case in 2009 involved a drive bought on eBay that turned out to have sensitive details of US air defense systems. (Source: dailymail.co.uk)

Physical Destruction Safest

Secure Data Recovery's Jake Reznik noted that the most secure way to avoid the problem is to physically destroy a drive, for example by shredding, drilling or disintegrating the drive's platter, the spinning part that physically holds the data. For safety reasons this is usually best done by professional specialists - but if you plan to resell or re-use the drive, this is obviously not the best choice.

Instead Reznik suggests using multiple rewrites of the entire drive with random data, then testing to make sure none of the original data is recoverable.

What's Your Opinion?

Have you ever sold or disposed of a used hard drive? If so, how did you secure it? Are you surprised by the breakdown of the 100 drives in this experiment?

Rate this article: 
Average: 4.2 (5 votes)

Comments

eric's picture

But most people still don't have a clue about physical disk security.

Personally, I have never sold a hard drive that had personal/sensitive data. I just use them until they stop working and then beat them with hammer and spike.

I had a friend that would never sell, trade, or even give away any of his old cell phones because he didn't trust that the factory reset was securely wiping his personal data.

Focused100's picture

It's too easy to recover data any other way

Gregg's picture

The level of destruction should match the sensitivity of the data present.For the vast majority of people overwriting the drive with software designed to sanitize the drive is more than sufficient. Alternately, just format the drive and fill it with benign data and reformat.
I have to wonder what would be on a drive to make people take a hammer to it? If I was really worried about passwords etc, I would just use dban software ( https://dban.org/ ) to do a military grade satisfaction, then reformat and repeat. I suppose the hammer is the lazy way out, but I abhor waste.

For The Most Sensitive Situations:
https://cmrr.ucsd.edu/resources/secure-erase.html
There is a solution, and you probably already have it. The firmware of nearly every hard drive built since 2001 contains a “Secure Erase” command so effective that NIST (the U.S. National Institute of Standards and Technology) rates it as good as degaussing a hard drive - that is, using a powerful magnet to completely scramble the bits stored on a drive. So why haven’t we been using “Secure Erase” for all these years?

Most BIOS developers disable the “Secure Erase” feature because they think consumers won’t use it wisely. Indeed, “SE,” as it’s called, is a “nuclear option.” It wipes data, and no amount of panicked, tearful phone calls to tech support or data recovery specialists will get it back. It even wipes data stored in bad disk blocks, something other disk-wiping utilities can’t do. When Secure Erase finishes its job, your hard drive will be squeaky clean.

A freeware utility called HDDErase 4.0 unlocks the power of the Secure Erase feature in nearly every standard magnetic hard drive built since 2001. You can download it from the UC-San Diego’s Center for Memory and Recording Research, but note that no tech support is available and you use it at your own risk. Because it runs from a bootable disk, HDDErase can erase any operating system, using the drive's own built-in sanitizer. Tim Fisher’s review of HDDErase provides a little more insight into this powerful command-line utility.

For Enteprise users:
https://www.dell.com/support/kbdoc/en-ca/000146892/dell-data-wipe
Dell Data Wipe is a feature in Dell Enterprise Client BIOS