Best techniques for the safe disposal of drives

Spider

By Doug Spindler

The design of today's solid-state drives has made classic data-wiping techniques ineffective.

But there are sanitizing procedures that will effectively render sensitive data on SSDs — and other rewritable storage devices — unintelligible.

It's likely that most Windows users aren't aware of the hidden changes in disk drives over the past decade. Sure, they hold lots more data, but the hard drives and solid-state drives used in modern systems now have more computing power built in than a modern smartphone.

PC hard drives trace their origins back over 60 years to massive, low-capacity, hard-disk devices created by IBM for its mini and mainframe systems. (According to a Wikipedia history, the original drives were the size of two refrigerators and stored a whopping 3.75MB.)

From the 1950s through the turn of the current century, the fundamental design of the hard disk remained essentially unchanged. Data was stored on disks or platters — somewhat like our phonograph records — that spun at constant speeds of 5,400 to 15,000 revolutions per minute, depending on the drive model. (That's a bit faster than our vinyl 33.3s and 45s.)

Then, in 2000, drive technology was upended: Trek Technology and IBM began selling data-storage devices that used silicon memory chips instead of spinning platters. The new devices essentially used a slow but relatively inexpensive form of nonvolatile, rewritable RAM.

Over the next 15 years, chip-based — solid-state drive (SSD) — storage has grown faster, less expensive, and capable of storing more information in the same physical space. SSDs have now reached 1TB and are rapidly replacing the traditional spinning hard-disk drives (HDDs), both on mobile devices and on the desktop. (It could be argued that the success of smartphones and tablets is due to the low power and small size of SSDs.)

Within the next decade, the data storage we use could radically change again. According to researchers, "drives" based on carbon nanotubes (CNTs) could replace both system RAM and data storage in a personal computer, tablet, or phone.

How data on SSDs gets missed by drive-wiping apps

For solid-state technology to replace spinning platters, it had to look like an HDD, both to Windows and to a computer's hardware (i.e., compatible with an SATA connection). Microsoft has 30 years of computer code designed to work with spinning media. It might have taken more years for the company to adapt Windows and other apps to include native SSD support. And adapting to yet another storage technology could mean another massive code rewrite.

Moreover, memory-chip storage has problems not found with spinning disks. It's taken about a decade to work out these challenges — one of the most problematic being wear leveling. Unlike hard drives, SSD chips degrade a tiny bit every time data is written to a memory location. To maximize the life of an SSD, all manufacturers run a wear-leveling program on the minicomputer running inside the storage device.

The leveling program keeps track of the number of times every memory location has been written to. As one memory location becomes "worn," the leveling program silently moves the data to another location (or address) that has seen less wear. This means the device's built-in computer must also have an address-translation table, because Windows still thinks the data is stored at the address listed in its Master File Table.

Again: Wear leveling occurs every time data is written to the SSD. Each of those writes consists of "chunks" of data, made up of both the new information and portions of unrelated files from "worn" memory locations.

Note that these chunks can contain data that the operating system assumes is securely deleted. In other words, unlike a hard drive, SSD drives have no provision for completely erasing files. Using a data-recovery application, someone could retrieve those bits of supposedly erased files.

Something SSD-drive manufacturers don't publicize is that SSD drives typically have more storage capacity than advertised. It ensures that you still have the stated capacity, should a memory chip fail. The extra chip isn't held in reserve; all chips are used until one or more fails. The drive's user will know of a chip failure only if the drive's capacity falls below its official capacity.

That's important to know, because disk-wiping/-sanitizing programs can access only the translated HDD address. They can't reach any data stored in the SSD address space.

Here's an example: Say you have a 1TB SSD in your computer. In Windows, the disk's Properties dialog box will report 1TB. But the SSD drive actually has an additional 10 percent of storage space to compensate for a possible chip failure. Over time, wear-leveling distributes data across all chips on the drive (unless one fails). When it comes time to retire the drive, a disk sanitizer will wipe only the 1TB the operating system "sees" — and not the additional 10 percent. That 100GB could contain quite a bit of data.

A better method for securing obsolete drives

Most important, never use a disk-defragment program on an SSD. Defragging puts wear-leveling into overdrive and will simply shorten the life of the SSD. (Defragging makes no sense on chip-based drives; all data locations can be accessed at the same speed. Unlike a typical hard drive, nothing needs to move across a platter to read or write data.)

The easiest and most effective way to sanitize an SSD is to crush all the chips with a hammer, as shown in Figure 1. (You can use the same technique on hard-drive platters.) This method is 100 percent effective — if you can access the drive. But it's impractical with any computer that's sealed or difficult to open. Also, on some computers, the SSD chips are soldered to the motherboard or hidden beneath other components.

Figure 1. Crushing an obsolete SSD's memory chips will keep sensitive information out of unauthorized hands.

An easier — and equally effective — method I've recommended for years is encryption. Just encrypt the disk and discard the key needed to access the data. (Obviously, this requires the drive to still be working. If the drive is malfunctioning, physical destruction is still your best option.)

Microsoft includes BitLocker, its disk-encryption software, with Pro, Enterprise, and Ultimate versions of Windows. The program works with SSDs, HDDs, and USB memory sticks. If the system using the obsolete drive doesn't have BitLocker, you can remove the drive and attach it as an external drive to a system that does support Microsoft's encryption system. A third alternative is to use a third-party encryption app, though you'll want to ensure that it has strong encryption and encrypts the entire drive.

Again, disposing of an encrypted drive is safe as long as no one has access to the decryption key — i.e., set it and forget it.

It's possible that your new drive — or the drive in your new PC — might already be encrypting your data by default. Some newer HDDs and SSDs include self-encrypting disk (SED) technology, which automatically encrypts everything written to the drive. (This feature is also called hardware-based, full-disk encryption.) In fact, on some systems, this feature can't be disabled. To safely dispose of these disks, it's a simple matter of changing the encryption key, a process that's instantaneous — unlike a typical drive wipe that can take hours.

(It's possible to get locked out of an SED-equipped drive. Make sure you have full backups of your data.)

A word of warning: Many SSD and SED manufacturers offer a wipe utility for their drives. But security experts have found that these programs are not completely effective. I don't recommend relying on any of these programs. Instead, use what we know works: physical destruction or a full-disk encryption app such as BitLocker.

A few fun facts about SSDs and hard-disk drives

  • If you carry around highly sensitive data in your notebook, Secure Drives offers an SED-equipped solid-state drive with a built-in self-destruct feature. The drive has its own cell phone; should you lose your computer, you simply send an SMS message to the drive. (It can also be configured to automatically self-destruct if it can't receive an SMS message, or by other means.) Like something out of a James Bond movie, the drive self-destructs by fracturing the memory chips with an ultrasonic shockwave.
  • Data is stored on a spinning disk in concentric circles called tracks. On a typical PC drive, 60 to 100 tracks fit within the width of a human hair.
  • Spinning disks are sensitive to noise. Yelling really loudly at your computer could cause vibrations that result in disk misreads and noticeably slower performance.
  • The U.S. Department of Defense requires three or more passes for a secure data wipe. But if data on today's HDDs or SSDs is overwritten just once, it's gone forever — forensically destroyed.
  • Newer drives store bits in overlapping tracks, like shingles on a house roof. The technology is called shingled magnetic recording.
  • The outer edge of a typical PC disk-drive platter travels at 100 miles per hour.
  • There are three trillion bits per square inch on the platter of a common hard disk.
http://windowssecrets.com
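
The sections "How data on SSDs gets missed by drive-wiping apps" and "A better method for securing obsolete drives" can be checked with a small simulation: a one-pass wipe of every OS-visible address still leaves old data in the spare pages, and only encryption makes those remnants unreadable. This is an added example, not part of the original article; the `ToySSD` model, its 20+2 page layout, the record contents and the `toy_encrypt` stand-in cipher are constructed assumptions, and the encrypted run assumes encryption was on before the data was first written.

```python
import hashlib, os

class ToySSD:
    """Constructed model: more physical pages than the OS-visible logical blocks."""
    def __init__(self, logical=20, spare=2):
        self.logical = logical
        self.pages = [b""] * (logical + spare)  # physical pages, incl. spare area
        self.wear = [0] * (logical + spare)     # write count per page
        self.table = {}                         # address translation: LBA -> page

    def write(self, lba, data):
        # Wear leveling: write to the least-worn page that holds no live data.
        live = set(self.table.values())
        free = [p for p in range(len(self.pages)) if p not in live]
        page = min(free, key=lambda p: self.wear[p])
        self.pages[page] = data
        self.wear[page] += 1
        self.table[lba] = page  # the previous page keeps its stale contents

    def wipe_logical(self):
        # A drive-wiping app: overwrite every address the OS can see, once.
        for lba in range(self.logical):
            self.write(lba, b"\x00" * 16)

def toy_encrypt(key, lba, data):
    # Stand-in for real full-disk encryption (NOT a secure cipher): XOR with a
    # SHA-256 keystream derived from the key and the block address.
    stream = hashlib.sha256(key + lba.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def remnants(encrypt):
    """Fill the drive, wipe it logically, return (readable records, stale pages)."""
    key = os.urandom(32)
    ssd = ToySSD()
    records = [b"record-%02d-secret" % i for i in range(ssd.logical)]  # 16 bytes each
    for lba, rec in enumerate(records):
        ssd.write(lba, toy_encrypt(key, lba, rec) if encrypt else rec)
    ssd.wipe_logical()
    del key  # "discard the key": nothing below can decrypt
    stale = [p for p in ssd.pages if p.strip(b"\x00")]  # pages the wipe never reached
    readable = [p for p in stale if p in records]       # what raw chip access recovers
    return readable, stale
```

In both runs the wipe misses exactly as many pages as the drive has spares; the difference is whether those pages hold plaintext or ciphertext with no surviving key.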
 