Solid State Drives (SSD) have become a popular replacement for traditional hard disk drives (HDD) because of better data transfer rates and the fact that the lack of moving parts makes failures less likely. SSDs do have another downside, however, in addition to being more expensive than HDDs.
Researchers at the University of California San Diego’s (UCSD) Non-Volatile Systems Laboratory (NVSL) have been testing common data sanitization techniques, which have been trusted to remove sensitive information from HDDs before they are discarded or sold, on SSDs. The results could spell trouble for those that have been keeping a significant amount of sensitive data on an SSD.
“Our results show that naïvely applying techniques designed for sanitizing hard drives on SSDs, such as overwriting and using built-in secure erase commands is unreliable and sometimes results in all the data remaining intact,” UCSD researchers state. “Furthermore, our results also show that sanitizing single files on an SSD is much more difficult than on a traditional hard drive.”
In one experiment, 14 different individual file sanitization techniques failed to remove all of the data from SSDs, and left over 10MB of a 1000MB file on the drive. If the file happened to be a database of personal information, that is a significant amount of information for a potential thief to get their hands on.
The lab is currently working on a new flash translation layer (FTL) design to help, “correct these issues and also exploit properties of flash memory to maintain performance while sanitizing the flash drive.” Until that happens, it would be wise to exercise extreme caution with the disposal or transfer of ownership of any SSD that may contain extremely sensitive data.
It had honestly never occurred to me that the difference in structure between a HDD and SSD would make such a significant difference when attempting to remove data. Nice work by the folks at the NVSL.