Two PhD students at the University’s Non-Volatile Systems Laboratory have presented research at this month’s USENIX Conference on File Storage Technologies that show even on-device secure erase commands may be buggy – and ineffective at removing sensitive data that may be stored on the SSD.
The researchers used a FPGA-based flash hardware tester named Ming the Merciless to analyse the data left on the SSD’s raw NAND flash chips, which are used to do the actual storage, and bypass any software built into the SSD’s interface.
They found that the build-in commands to delete all the data off an SSD disk are often reliable, but manufacturers have built versions with bugs causing them to work incorrectly.
Existing tools used to erase normal hard disks are entirely ineffective at destroying the data on SSDs. The final option for removing data from SSDs is to use dedicated software to overwrite parts of the device. These were found to be effective after 2 passes on the disk but not entirely reliable.