Secure Erase Methods Probably Won't Work On Your Solid-State Drive

We've shown you how to properly erase your physical media before, but a recent study showed that most "secure erase" methods don't actually work very well on solid-state drives (SSDs). Here's what you need to know.

Researchers at UC San Diego found that the normal methods we use to securely wipe magnetic drives aren't as useful on solid-state drives. After testing twelve SSDs, they found that only four were securely erased with whole-drive erasure methods. Trying to securely wipe a single file was even less successful, and more often than not a good portion of the file was recoverable.

The best way to keep your data secure on an SSD, the researchers said, was to encrypt the entire disk from the get-go, as soon as you've installed your operating system. Then, when you're done with the drive, you can delete the encryption keys and do a regular full-drive erasure. They note that securely erasing unencrypted SSDs is very difficult, and in some cases impossible.

The bottom line: If you're upgrading your hard drive, you're best off keeping those SSDs around until a more secure erasure method comes out, rather than selling them on eBay. Hit the link to read the study, or check out the article at Macworld for more info. Photo by Alan.

Reliably Erasing Data From Flash-Based Solid State Drives (PDF) [via Macworld]
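The gap between what the operating system sees and what remains on the flash chips, and why encrypting from day one closes it, can be shown with a small simulation. This is an added example, not code from the study or the article: `ToySSD`, its remap-on-every-write behaviour, the XOR keystream standing in for real full-disk encryption, and the sample data are all constructed assumptions, and garbage collection and TRIM are not modelled.

```python
import hashlib
import os

SECRET = b"acct=4417 pin=0000 (constructed)"  # constructed sample data, 32 bytes

class ToySSD:
    """Toy flash translation layer: every write lands on a fresh physical page."""
    def __init__(self, physical_pages, key=None):
        self.pages = [None] * physical_pages  # raw flash contents
        self.map = {}                         # logical block -> physical page
        self.next_free = 0
        self.key = key                        # None models an unencrypted drive

    def _crypt(self, lba, data):
        # Toy XOR keystream (max 32 bytes); a stand-in for real disk encryption.
        stream = hashlib.sha256(self.key + lba.to_bytes(8, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, lba, data):
        if self.key is not None:
            data = self._crypt(lba, data)
        self.pages[self.next_free] = data     # never overwritten in place
        self.map[lba] = self.next_free        # the old page goes stale, not blank
        self.next_free += 1

    def read(self, lba):
        raw = self.pages[self.map[lba]]
        return self._crypt(lba, raw) if self.key is not None else raw

    def raw_dump(self):
        """What reading the flash chips directly would return."""
        return [p for p in self.pages if p is not None]

def overwrite_file(ssd, lba, passes=3):
    """Host-side 'secure delete': overwrite the same logical block with zeros."""
    for _ in range(passes):
        ssd.write(lba, bytes(32))

def demo():
    plain = ToySSD(physical_pages=8)
    plain.write(0, SECRET)
    overwrite_file(plain, 0)
    leaked_plain = SECRET in plain.raw_dump()  # stale page still holds the data

    enc = ToySSD(physical_pages=8, key=os.urandom(32))
    enc.write(0, SECRET)
    overwrite_file(enc, 0)
    enc.key = None                             # destroy the key (crypto-erase)
    leaked_enc = SECRET in enc.raw_dump()      # stale page is only ciphertext
    return plain.read(0), leaked_plain, leaked_enc
```

`demo()` returns the host's view of the overwritten block (all zeros) alongside whether the original bytes still sit in raw flash for the unencrypted and the encrypted drive.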


Comments

    Put it in the microwave?

    Secure erasing aside, what about just clearing the working layer for use with an OS? With a hard drive I generally wrote 00's on the entire drive twice or three times for more depth! I have been doing this just once with my SSD to reduce wear. However, with a hard drive I found that Windows tended to get bogged down because it can still see the previous layer. Is this still true with an SSD?

      So what difference would it make if your hard drive's "layers" were filled with random nonsensical data (to the OS) or 00's?

        The "OS" can still read from the layer below the one it is installed on, and sometimes has a heart attack after reading from the wrong layer. Which is why I like to have at least one layer of "nonsense" as you put it, to stop it from happening! :]

    Might as well just keep the drive, it is an SSD after all!

    Fail. All you need to do is format; everything will be deleted. If you're not happy with that, then fill it to the full cap with movies and songs, then delete all of them. SSDs work completely differently to HDDs. It's not like an HDD where you can do back layers and layers... it's a cell; it either stores information or it doesn't.

      You're half correct. The basic idea is that, due to the different storage mechanism, the SSD firmware presents a 'virtual drive' to the OS that has no real bearing on what's actually written where - and the firmware puts the data where it thinks is best. The writes get spread out to maximize future read speed and to avoid too many writes in the same spot, which shortens the lifespan of those blocks.

      As a result of this, the OS really has no control over deleting physical blocks. With a traditional HDD, you can get remarkably low-level and make sure every bit of data is gone. With an SSD, the firmware makes the 'smart' choice and doesn't overwrite the data - that'd just shorten the lifespan of the drive - it presents the image of having been wiped.

      Where you're right: The best way to combat this aside from a hammer or encryption is probably repeatedly filling the drive with movies/random data and then clearing it again (but you have to fill it to the brim each time, or you can't be sure where it's putting the data - a DBAN random-data wipe just won't do the trick).
