With all the privacy breaches that have been occurring lately, its no wonder that more users are learning how to completely wipe their disk drives before a disk drive upgrade or passing a desktop or laptop computer on to someone else. This totally makes sense and is a very wise move so your personal information does not get accidentally or intentionally compromised in the future. Wiping traditional hard disk drives is simple enough but what about SSD or built-in flash storage devices That is a completely different story and requires a different approach.
Erasing a traditional hard disk drive is easy. First of all, simply dragging a file into the trash and selecting Empty Trash from the Finder makes the file appear to have vanished but its simply not visible to you. The entire file still exists on the drive and can be recovered with “Undelete” or forensic software rather easily. This is the traditional way that all filesystems work, regardless of operating system.
Fortunately every traditional (mechanical) hard disk drive (HDD) made since the ATA Secure Erase command made its debut in all HDDs larger than 20 GB. This command effectively wipes out all user data in all parts of the HDD in a way that is not recoverable. This is what you want to do to your HDD to make the disk truly blank, without any residual trace of your personal information on it.
Secure Erase has been a built-in feature of macOS for many years. Simply select Secure Erase in the Finder just below Empty Trash and all the files in the Trash will be erased with a method compliant with the United States Department of Defense security standards. macOS will secure erase the files seven times, which is actually six times overkill, unless you have an antique disk drive (which is very unlikely) because a single pass on a disk drive that implements PRML technology will result in a file that is forensically unrecoverable. PRML overlaps Writes so data is actually partially written on top of each other, to increase disk capacity, so when the file is overwritten during a secure erase pass, its completely obliterated in one single pass. The government standards go back many years (decades) where files are easily recoverable and in fact, pervious versions of that file could often be recovered. That has not been a problem for us for decades buts since macOS natively performs seven passes, the data is unrecoverable no matter what drive you have installed.
Secure Erase is Recognized by the US National Institute for Standards and Technology (NIST), to sterilize hard disk drives after using them for government work. There is no certification that is specific to SSDs so while a sneaky person could technically run a secure wipe and just move on, they in reality do not actually sterilize the SSD as was intended by NIST.
If you want to securely erase an entire drive or to secure erase the currently unused disk space (which has all your previously files still recoverable in it) then you will need to connect the disk drive to your Mac via an external (USB/Thunderbolt) enclosure then launch Disk Utility and Erase that drive from there. Select the level of security you desire (not the fast mode because that does not perform a secure erase) and erase it from there.
Old non-Apple operating systems are not this simple to actually securely erase, because they require you to manually set a password on the drive and set one of two security levels. If you don’t know to do this then it won’t run the erase procedure or it will appear to run but not securely erase the drive. This is another reason why macOS works better for real world users.
SSD drives directly replace hard disk drives but are an order of magnitude or more faster, allowing the user to extract the maximum performance from the system they purchased with their hard earned dollars but SSDs do not work in any way that is similar to HDDs and that is especially true for erasing files or secure erase of the entire drive.
SSDs move data around in unpredictable (by humans) ways and attempting to erase files winds up in a very bizarre shuffling of data, so you never really know where anything is at any given time. As strange as this seems, it actually makes sense because SSDs need to perform wear-leveling and garbage collection, in order to maintain their performance and not wear out the SSD prematurely.
This leaves us unable to issue a secure erase command and be confident that all your data actually got erased. In fact, researchers have found that data is still recoverable from SSDs (to varying degrees) after a secure erase command was issued to them.
This may lead users to think that they ca simply overwrite the entire drive or write zeros to the entire drive but the reality i that SSDs do not write data in a linear fashion so after you complete your process you’ll discover thither is still data that is recoverable forensically the SSD used its own peculiar logic to move the data around as its writing, not to mention that SSD drives that use compression make that whole process even more unpredictable.
Payment Card Industry Data Security Standard (PCI DSS) 9.10 requires that drives be securely wiped or physically destroyed to protect cardholder data. These two choices work for hard disk drives but obviously only physically shredding the drive via an acknowledged shredded service is the only way to go.
Encryption to depersonalize your SSD
A possibility to wipe your drive in a secure manner is to encrypt your data before handing the drive, or the entire computer, to another person. This is especially true for newer netbooks and laptops which has flash based storage soldered onto the motherboard (essentially this is a non-removable SSD) which cannot be removed or replaced by the user. For these users, they need a reliably secure way to securely erase all their sensitive and valuable data.
BackBlaze recently mentioned in there blog that they recommend that users encrypt the drive before handing it (or the laptop) over to the next user. Superficially this makes sense but lets take a deeper look at the reality of the situation.
Hide the data, toss the key
BackBlaze goes on to explain that encrypting the SSD and simply throwing away (forgetting) the password to the key that unlocks the encryption. If you encrypt the drive and give the drive to someone who does not know the password then the drive is simply full of gibberish to them, never to be recovered.
This is a very simplistic approach and superficially looks like it should work, it seems obvious that there is a huge limitation to this technique. The average user will not encrypt the drive until they are ready to give up the drive. This means that at the moment of encryption, there have been hundreds to thousands of files on that drive that have been either deleted or shuffled around on the SSD, as a normal part of its built-in maintenance. The encryption software will only encrypt current files, any files that was on the drive before encryption, but not in active use will still be there and an attacker could use forensic techniques to recover it.
There is no proof yet that whole-disk encryption will encrypt unused areas of the disk, so this technique will only be partially effective, Your personal data is is sensitive and valuable that you really need a complete solution, to be safe.
Vendor software, from SSD manufacturers rely on the secure erase command to work, but researchers have already proven that no SSD vendor software actually wipes the entire drive, so this is not a usable solution.
There is no utility software on any OS that can properly and completely secure-erase an SSD. They can restore the like-new performance to the SSD which many people assume to mean that the drive is now wiped clean but in reality, security researchers have proven that no software at all actually wipes all data completely clean.
The SSD erasure problem is so severe that Apple has removed the Secure Erase command from the Finder, apparently because they know that SSDs shuffle data around in unpredictable ways and cannot be securely erased using today’s technology.
I suspect that in the future, someone will come up with an algorithm that will cause the controller in the SSD to touch every bit of data on the SSD. Until then, we need a way to protect ourselves.
BackBlaze also says tat shredding the SSD can destroy the data on it. This is true and has been for decades. There are companies that specialize in shredding corporate secrets, originally paper, then magnetic tape then hard disk drives and now SSDs (and fish drives) by running it through an industrial grinder.
These shredding machines are not common, are expensive, and the process to handle the drive until its completely shredded is delicate and easily manipulated. If you do go this route use the same shredding companies that the Fortune 100 companies use, and get a certificate from them that they really did shred it for you.
What to do?
Until security researchers prove that there is a method to undoubtedly protect your data then we have to do our best to come up with a temporary solution.
- If you are giving the SSD, or computer containing an SSD, to another person then:
- Put the SSD into an external enclosure
- If its a computer with soldered-in flash storage then boot up fro an external drive
- Encrypt the hard drive, don’t write the password down anywhere and forget what it is.
- Run the Secure Erase command (in Disk Utility, format the drive and set the security to anything above the minimum level).
- Copy a huge file (like a full length movie) to the SSD
- Duplicate the file over and over until the drive reports that its completely full
- Throw all this files into the Trash and empty the trash (this is to make it usable or the next user
- Will this wear out the SSD a little faster? Yes, but it should be unnoticeable within its usable lifespan for any SSD manufactured in 2014 or later and its a reasonable price to pay for ensuring that you’re as secure as its possible to be today.
- Hitting an SSD with a hammer or drilling it will not destroy data, that those techniques only work on hard disk drives.
The other two options are to keep the SSD in your bank’s safety deposit box, this could serve as your offsite storage for your backup strategy or to keep this SSD in an external USB or Thunderbolt enclosure and use it as a scratch disk or to store your favorite cat videos.
Future of personal privacy
At the moment we are going through a period of crumbling governmental morals, so until the moral citizens straighten out this mess, we need to protect our privacy and personal data as much as is possible.
It seems that the best we ca do is to start with full disk encryption when the drive is brand new, in macOS that means simply turning on FileVault when you first start the system, so that eery space that a file is written to is encrypted, then check to make sure that FileVault is still tuned on after you’ve used any migration tools to get your data onto the new drive/computer.
Now when you give the drive or computer to any else, you can rest assured that your data is safely encrypted and cannot be read by them. As a courtesy you should format the drive and put a fresh copy of macOS on it just so they can boot it up.
Source: How to securely recycle or dispose of your SSD BackBlaze
by Michael Wei∗, Laura M. Grupp∗, Frederick E. Spada†, Steven Swanson∗ ∗Department of Computer Science and Engineering, University of California, San Diego †Center for Magnetic Recording and Research, University of California, San Diego
“It is better that ten guilty persons escape than that one innocent suffer” William Blackstone
Favorite me on AppleNews now, to stay up to date with deep insight and helpful tips.
Get more free cloud storage space now, directly from: Drop Box
Thank you for your support, Please don’t forget to visit the sponsor of my site, Amazon, it really helps me out and does not cost you a single penny extra.