I've always gone for the masonry-chisel-&-lump-hammer approach when disposing of old hard drives.
I've yet to try this on a smartphone though. The resale value may prove too tempting...
Data recovery experts have found a raft personal information from used hard drives and mobile phones purchased from Amazon, eBay and Gazelle in the UK, US and Germany. The research, by Blancco Technology Group and Kroll Ontrack, once again shows that failure to erase data from discarded devices continues to be a problem, …
I took a set of on old SCSI LVD drives which lingered in my loft for 8+ years to the county dump last year. I left them with the other electronics. By the time I went to the car to pick up the next load and dump it they were gone. They were immediately collected for "reuse" by one of the guys at the dump who clearly knew what they were and what he was doing..
Thankfully, they were properly wiped using a 7 pass. Something you could do once upon a time. Realistically, you can no longer do it in the age of flash. You really have no idea what exactly what done by the storage controller and what can be recovered from the drive after that.
Actually, that is not sufficient for flash storage, in part due to wear leveling algorithms. Not too long back a case study found that around 20% of user data was still recoverable after over-write wipe attempts on flash devices.
The good news is most SSDs support "secure erase" functionality which actually does wipe the data. I am certain (hopefully) some software supports it, but I know that at least one hardware wiper does and I use it on a regular basis.
Of course, that is SATA and IDE SSDs, "destruction" is the word of the day for USB thumb drives and such.
What doesn't work is trying to wipe individual files, because the obscuring bit pattern won't be written over your data. What you can do is delete your data then fill the device with junk - the only sectors you won't overwrite then are those that have been taken offline due to read/write errors.
"Actually, that is not sufficient for flash storage, in part due to wear leveling algorithms. Not too long back a case study found that around 20% of user data was still recoverable after over-write wipe attempts on flash devices."
That would mean that on overwriting the complete device, 20% of it suddenly developed bad sectors. Nope, not likely.
Wearleveling actually has little to do with it, because it just shifts data around during your read-erase-write, to make sure all sectors get their same amount of erase cycles.
But yes, if the SSD has secure erase, go for it. In other cases, fill it with random. Not the files, the device.
> "The good news is most SSDs support "secure erase" functionality which actually does wipe the data. I am certain (hopefully) some software supports it"
Most SSD manufacturers supply a "toolbox" program with the drive that'll do it. Parted Magic will do it, but it's non-free. You can run hdparm (via Linux live disk) with --security-erase, which should issue the ATA secure erase command.
When I was in public service the recycling centre actually complained once that the PCs had no HDDs in them.
Well I'd made a point of removing them and doing as much physical damage to them as I could.
Then putting them into the landfill dustbin, buried.
Yes, someone could have found one in the sludge. and dismantled it and read data off the (wiped) plates. You can't make anything 100% safe in the real world.
But I got as close as I could. And it certainly wouldn't have been possible for an ordinary bloke in the street to do.
course , as we all know the only safe way to erase data ( a hard drive in this example ) is to:
delete all the files from the volume
format the volume
erase the volume
erase the other volumes
run the "military strength" deleter / overwriter thingy of ov a Hirens disk
remove drive - wave around in front of a strong magnet
go outside - throw it against the wall a few times
find a De-Walt with a HSS bit drill through the platters a few times.
THEN it starts costing....
Have a Certified (read "licence to print money" ) data disposal company come round and:
put the item through their "special" data destroying coffee grinder
sweep up the bits into a lead lined box
have a swat team escort the box to morder
empty fragments into fires of mount doom.
Nuke the site from orbit
This will of course , significantly effect the resale value of your iphone
I think you left of at least one intermediate step: throw in a box with a grenade chaser. Other than that, it looks pretty good.
find a De-Walt with a HSS bit drill through the platters a few times.
Even better, if you have access to a CNC router, is to program it so that it eats away the disk from one side. Soon the router bit will hit the platters, which will start to spin ... If things go well, you'll be left with just platter dust.
(wear safety glasses)
"still readily recoverable for those with access to specialised software."
Ha ha! A lot of the time, simply plugging in a USB cable and having a dig about using "File Mangler" in Windows is enough to find that your data is still sitting on the phone's "disk" after a so called Factory Reset. I've reloaded the O/S onto my phone, asked it wipe the SD cards and still the data is there!
Want to remove it completely? Use a claw hammer, a breeze block and a bucket of sulphuric acid!!
That had better not be a steeol/iron one then....
According to GCHQ you need to take the platters/chips, melt them into a mess and escort it with armed guard to somewhere secure such as the Radioactive ponds at Sellafield and leave for 1,000 years.
A bit extreeme but it does ensure that no one can read your Facebork entries until long after it matters.
"Not sure if new phones with newer versions have it turned on by default."
There were rumours that Lollipop would have it on by default, but presumably due to performance it wasn't. Some of the high-end smartphones have dedicated silicon that aids with the disk encryption/decryption process so the performance impact is lessened; I suspect until these devices are more common the encryption will remain optional.
A several-pass random wipe as part of the factory reset process would be welcome however.
"Umm. Hasn't Android had file system encryption since 4.x ? Or earlier ?"
Not by default, as has already been mentioned, and on my particular Kit Kat device, under a year old, it's recommended that you don't use encryption at all because it's so buggy.
There have been reports that it slows the device to a crawl and in the worst case leads to an unrecoverable corrupted filesystem. I guess it's just one of the drawbacks of not being in control of both software AND hardware, like Apple.
"There have been reports that it slows the device to a crawl and in the worst case leads to an unrecoverable corrupted filesystem."
Have there, some links please, or is that what they want us to believe?
My Android phone is encrypted simply because data protection, device loss and not wanting to be that bothered about if it happens. I mislaid a Blackberry once (slipped silently under a desk draw set while working on a PC) the feeling of wondering what I might have left on there over the last few months by mistake is unpleasant, what's worse is I have an almost OCD tick to check my phone keys etc. when leaving a building and often entering another so I knew it had "gone from my pocket in the last ten minutes", knowing I had enough time to reset some passwords would have been nice but it was so quick I wasn't even sure it would be locked. Yes I did call it and yes people did hear it go off but because it was "not their phone they didn't bother to do anything about the phone ringing under the desk" (people wonder how BOFH got like that).
That's what Blancco sells: Erasure tools for phones & disk drives
I used to be associated with a charity that refurbished & re-sold PCs. We originally set up a dban station for wiping drives. Management then decided that we would have to use Blancco instead,
I don't know if they've changed their model, but back then, the software had an initial cost, *plus* a cost for each use. And this charity was particularly cash-strapped.
I have nothing to do with them any more.
Vic.
Factory erase all your data (reset), then take enough HD pictures of the desk to FILL the rest of the storage area. Delete the pictures. Done. (a 3gb video of your pocket would work the same)
The easiest way to clean a flash storage device is to overwrite the location where the data was held with new data.
My daughters phone suffered a few problems, so it was taken back to the shop, who lent her a unit whilst hers was being repaired.
she used the phone for a few days, then returned it to shop when her phone returned.
Months after, her friends still get txts from that loan unit, despite the shops promise to reset the phone...
> Unfortunately phone shops are full of the sort of people who truly believe that if they say something repeatedly with enough bravado it becomes true. Unfortunately they're all just very, very stupid rather than being masters of reality.
Back when Microsoft had just taken over Nokia and the first Microsoft Lumia's were in the shops, I went in to fondle one. Immediately a young lady came over and started her sales pitch. I told her I was concerned about storing my contacts in the cloud to which she replied: "It's alright, you can have as many clouds as you want."
I told her I was concerned about storing my contacts in the cloud to which she replied: "It's alright, you can have as many clouds as you want."
Holy shit. I think my response to that would have been something like a moment of stunned incredulity, followed immediately by my putting the phone smartly down and marching stiffly out the door without a word.
This post has been deleted by its author
Not only do they mandate full encryption of storage on IOS devices (there is no way to shut it off), they backported the feature all way back to the iPhone 3GS and iPad 2 (four years' worth of devices) and forced it on automatically for anyone who ran the normal software updates. And they did it without hurting performance.
They've had default encrypted storage on iPhones since the 3gs - back when it was new. It and all subsequent phones have included a dedicated AES encryption block on the SoC (hence no performance drop)
The change they made a couple years ago was with key management, to insure that the users had the only copy of the key. Previously Apple held a copy of your device key - so they could help out the users who forgot their password (if they could establish they were the phone's owner)
With the NSA's and FBI's shady activities they felt it was better to leave it totally up to the user, which is why now they can't help you if you forget your password because they no longer have a copy of your device key. If you forget your password, and don't have a backup, you've lost everything and no one can get it back, not Apple, not a data recovery company, (probably) not even the NSA (unless they can crack AES)
Surely some people don't bother to do a reset of their phone before selling it? Maybe Gazelle and Amazon do that as part of their normal process of checking out a phone before turning it around and reselling it, but surely there are iPhones available on eBay where the previous owner has stupidly left everything intact?
[Wear appropriate safety gear]
1. Break the drive seal/case
2. Apply lump hammer, liberally.
3. Place drive in bucket of water from a salt water pool. The water just covering drive body.
4. Pour in pool acid, liberally.
5. Leave (in a safe, ventilated, place) to bubble and hiss for one week
6. Retrieve hardware, rinse thoroughly in salt water
7. Season with above mentioned lump hammer to taste and dispose of drive in council bin
Pro tip: Leave the finished drive in the weather for a month for that fully-corroded look.
This post has been deleted by its author
An electric oven plate (ghetto reflow) seems to do the job, tried recovering data from a few pendrives thus cooked with just the chip exposed and the rest epoxy encapsulated (250+C) and nothing.
Chip won't even recognize in low level tools, checked soldering and its not the problem.
I'd even checked that the chip was a similar manufacturer and size, still didn't work.
Also works well on microSD cards, evidently at high temperatures the glue that holds the thinned die together degrades and causes all the bond wires to snap.
I tried this on a few cards and 100% fail at >200C, they really really do *not* like the heat.