Flash memory in the form of USB thumb drives and solid state hard drives (SSD) has changed the way we deal with data forever, but a new study conducted by a team of researchers from the University of California in San Diego has cast doubt on the security of such devices.
The study (PDF) wich was presented at the USENIX Conference on File and Storage Technologies shows that large amounts of persistent data on individual chips can be read using a custom adaptor based on and FGPA chip, even if the data has been ‘securely erased’ or overwritten several times.
According to the study, the use of wear levelling is SSDs means that there is not a consistent relationship between physical (flash) memory cells and the sector addresses addressed by the device’s normal (ATA / SATA / USB / SD) interface.
Once deleted the data cannot be retrieved using those standard interfaces but some data fragments persist and can be read using custom hardware and software.
The researchers also found that although some self-encrypting devices had taken a step in the right direction, many of the encryption routines had been so poorly implemented that trusting that data had been permanently deleted on these devices was “unduly optimistic”.
In short, hard-drive centric deletion techniques are effective when implemented properly, but only when the entire drive is wiped. None of the currently available software techniques were effective when deleting individual files.
The report’s authors are calling for hardware and software manufacturers to come up with verifiable sanitisation techniques for flash-based storage.Leave a comment on this article