Security Basics mailing list archives
Re: Flash Memory Wiping
From: Atom Smasher <atom () smasher org>
Date: Fri, 19 Jan 2007 12:13:16 -0500 (EST)
On Thu, 18 Jan 2007, William M. Ryan wrote:
> Can anyone recommend a tool/technique that will ensure that no data is recoverable from flash memory devices including USB drives, Memory cards, and PDAs?
========================
this applies to flash drives and similar devices. i don't know enough about wiping a PDA to make any comments.
just last night, i came into possession of a previously owned flash drive (warranty replacement) and i was curious what could be recovered from it.
mounting it and looking for linked files showed that it was empty. so i dd'd it to a file and scanned that file for data [using http://foremost.sourceforge.net/].
apparently the previous owner of this flash drive was in the [legal] pharmaceutical business. i found a PDF, a bunch of images (most belonging to the PDF), several AVI and MPG movies. everything was info about some kind of treatment for aneurysms.
also, it seemed that the drive probably wasn't used much since it was new and/or since the U3 was removed from it. aside from the pharma stuff, there were GIFs that looked like they probably came with U3... logos for migo and mozilla, and a bunch of buttons and icons.
this kind of "attack" can be prevented by simply running
    dd if=/dev/zero of=/path/to/dev/flashdrive bs=512
and then optionally repartitioning the drive (fdisk, disklabel, newfs_msdos, etc, or their equivalents).
if one is not that technically inclined, another option is to just "delete" (unlink) the sensitive files, then save non-proprietary data to the device until it's full. then delete all of the files. then the only thing that can be recovered (without exotic techniques) would be the non-proprietary data. assuming that your threat model doesn't include exotic techniques, just overwriting the data once will get rid of it.
others have mentioned a hammer, but that's probably overkill for most situations. of course, a hammer may be called for sometimes, but i think a less radical method of data destruction that leaves the hardware usable should work most of the time.
regarding industrial shredders, my only concern would be that something as small as a USB flash drive might pass through it unharmed. if you really need to destroy the hardware, i'd recommend a hammer... and safety glasses.
hypothetically, if i wanted to sell a used flash drive on ebay... and hypothetically if the drive was previously used to store "sensitive" data, i'd be fairly comfortable just overwriting the drive once from /dev/zero or /dev/urandom and reformatting it.
--
...atom
________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Politics would be a helluva good business if it weren't for the goddamned people."
-- Richard M. Nixon
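Added example (not part of the original post or the list archive): the single-pass zero overwrite described in the message above, followed by a read-back check that no non-zero byte remains. It runs against a constructed image file standing in for the drive; the function names and the sample data are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Zero-fill a target and confirm by read-back that no non-zero byte remains.

# Print the number of non-zero bytes readable from $1.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite every 512-byte block of $1 with zeros, then flush to the medium.
# The size is found by reading the target once; on Linux block devices
# `blockdev --getsize64` is faster.
wipe_zero() {
    target=$1
    size=$(wc -c < "$target" | tr -d ' ')
    blocks=$(( (size + 511) / 512 ))
    dd if=/dev/zero of="$target" bs=512 count="$blocks" conv=notrunc 2>/dev/null || return 1
    sync
}

# Wipe, then fail unless the read-back is all zeros.
wipe_and_verify() {
    wipe_zero "$1" || return 1
    left=$(nonzero_bytes "$1")
    [ "$left" -eq 0 ] || { echo "verify failed: $left non-zero bytes" >&2; return 1; }
}

# Constructed demo input: a 64 KiB image standing in for the drive, holding
# leftover "deleted" content (the %PDF marker is sample data).
demo() {
    img=$(mktemp) || return 1
    dd if=/dev/zero of="$img" bs=512 count=128 2>/dev/null
    printf '%%PDF-1.4 constructed leftover data' |
        dd of="$img" bs=512 seek=40 conv=notrunc 2>/dev/null
    before=$(nonzero_bytes "$img")
    wipe_and_verify "$img"; rc=$?
    after=$(nonzero_bytes "$img")
    echo "before=$before after=$after rc=$rc"
    rm -f "$img"
}

demo
```

The read-back only covers blocks the device exposes through its logical interface; spare or remapped flash blocks held by the controller are not visible to dd.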