SSDs harder to securely erase than standard hard disks

Researchers at the University of California, San Diego have found that erasing sensitive data stored on Solid State hard drives (SSD’s) may not be as easy or reliable as they thought.

Two PhD students at the University’s Non-Volatile Systems Laboratory have presented research at this month’s USENIX Conference on File Storage Technologies that show even on-device secure erase commands may be buggy – and ineffective at removing sensitive data that may be stored on the SSD.

The researchers used a FPGA-based flash hardware tester named Ming the Merciless to analyse the data left on the SSD’s raw NAND flash chips, which are used to do the actual storage, and bypass any software built into the SSD’s interface.

They found that the build-in commands to delete all the data off an SSD disk are often reliable, but manufacturers have built versions with bugs causing them to work incorrectly.

Existing tools used to erase normal hard disks are entirely ineffective at destroying the data on SSDs. The final option for removing data from SSDs is to use dedicated software to overwrite parts of the device. These were found to be effective after 2 passes on the disk but not entirely reliable.

The researchers have published their paper online (or check out the synopsis). Also check out this YouTube videoshowing how they rounded off destroying the UK ID Card Database earlier this month.