Wiping USB keys...
...is harder than you'd think! I'm still not entirely sure how to do it securely.
Someone in RailCorp will be nursing a bruised ego after selling a pile of USB keys lost on trains in the authority’s regular lost property auction. It may have never raised an eyebrow, except that the keys were bought by the keen-eyed Paul Ducklin of Sophos. What Ducklin thought of as a good source of research into user habits …
Microwave oven and then blowtorch and then angle grinder?
Chances of anything software-based doing the right thing wrt complete data destruction are about the same as the chances of two separate tidal waves from a tsunami getting superposed and then finding a badly-operated nuclear power station in their path; probably not impossible, but very very unlikely.
I format the device, put an encrypted TrueCrypt container on it that is the max that the stick will take, fill the container with a file of random ASCII text, let it settle for a bit, then format it again. It's not great, but it's the best option I've come up with to try and 'flush' the data out of it.
Correct me if I'm wrong, but I thought this would be trivial:
1. Format it
2. Copy junk files to it until it's full
3. Format it
Unlike a spinning disk, where old data can be read from lower layers of the disk using special equipment, a flash drive has bits that can only be on or off; formatting the drive then setting the bits (to junk) means junk will be the only thing that could be retrieved.
How the data is stored internally often has little to no relationship to what is presented to the outside world, there generally being a bunch of spare cells used for wear-levelling purposes that are swapped in and out of external visibility as the device controller sees fit. You can wipe every externally-visible sector on the device ten times over, then a few weeks later have sectors full of data pop back into existence as the internal controller re-arranges things to suit itself.
How do I know all this? TheReg ran a whole article on it several weeks back!
You're forgetting about wear leveling. In order to prevent one area of flash from being continually written to, causing it to die before the rest of the disk, the controller will move data around in the background. Without knowledge of the wear leveling algorithm or low level access to the flash chip you can't know that all blocks have been overwritten.
Also re: "data can be read from lower layers of the disk", military standards require overwriting magnetic disks multiple times, but so far no one has been able to demonstrate the ability to read data after a single pass of random data. It may be possible with a big enough budget, but it hasn't been done yet (at least, not by civilians).
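The wear-levelling argument in the two comments above, as an added toy model (my own illustration, not code from any commenter): the host sees only the logical blocks, while the controller owns extra spare pages and never overwrites a page in place, so a single "fill the whole stick with junk" pass leaves as many stale pages as there are spares. The 8-block/2-spare sizes and the SECRET/JUNK markers are constructed for the demo.

```python
"""Toy model of a flash drive with wear levelling, added as an illustration
of the thread's point (not code from any commenter). The host sees
LOGICAL blocks; the controller owns LOGICAL + SPARE physical pages and
never overwrites in place, so one full pass of junk from the host still
leaves SPARE pages holding the old contents."""
import random


class WearLevelledFlash:
    def __init__(self, logical, spare, seed=0):
        self.pages = [None] * (logical + spare)   # physical page contents
        self.erases = [0] * (logical + spare)     # per-page erase counter
        self.mapping = {}                         # LBA -> physical page
        self.free = list(range(logical + spare))  # pages not mapped to an LBA
        random.Random(seed).shuffle(self.free)    # arbitrary factory layout

    def write(self, lba, data):
        """Host write: pick the least-erased free page, erase it, store the
        data there and merely unmap the old page. The old page keeps its
        contents until the controller happens to reuse it."""
        self.free.sort(key=lambda p: self.erases[p])
        page = self.free.pop(0)
        self.erases[page] += 1                    # erase-before-write
        self.pages[page] = data
        old = self.mapping.get(lba)
        self.mapping[lba] = page
        if old is not None:
            self.free.append(old)                 # stale copy, not erased

    def host_read_all(self):
        """What dd or a hex editor sees through the USB interface."""
        return [self.pages[self.mapping[lba]] for lba in sorted(self.mapping)]


def overwrite_demo(logical=8, spare=2, passes=1):
    """Store a secret, 'wipe' by writing junk to every logical block
    `passes` times, and return (secret blocks the host can read,
    secret pages still physically present on the chip)."""
    flash = WearLevelledFlash(logical, spare)
    for lba in range(logical):
        flash.write(lba, "SECRET")
    for _ in range(passes):
        for lba in range(logical):
            flash.write(lba, "JUNK")
    return flash.host_read_all().count("SECRET"), flash.pages.count("SECRET")


if __name__ == "__main__":
    for passes in (1, 2):
        print(passes, "pass(es): host/chip SECRET =", overwrite_demo(passes=passes))
```

After one pass the host reads back nothing but junk while two physical pages still hold the secret; in this simplified model a second pass happens to clear them, but a real controller (with its own garbage-collection timing and retired-block pools) offers no such guarantee, which is why the commenters above distrust software wiping of flash.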
Nope, not forgetting wear levelling at all - if you write to every block then every block is written to, yes, the less used ones are written to first, but if you write to every block then, regardless of the order, every block is written to. The only area that *could* hold information (not data) is the separate area that holds the metadata for the wear-levelling, this isn't normally accessible, but even if it was, how useful it would be to know how data was spread is debatable.
It's odd how you don't understand that completely filling a disk means the disk is completely filled, but dismiss the ability to read different parts of a disk. I know from personal experience that you can read data from a zeroed disk. Hard disks are written in tracks, and alignment of the tracks is key; the magnetic domains are forced into one particular direction, and these represent 0s or 1s depending on the direction. Usually the domains are not perfectly symmetrical either, because of minute tolerances in the heads or environmental factors (such as the field created by the motor); this means the track tends to drift slightly wider either for a 0 or a 1. By dismantling the drive and adjusting the head alignment some of the zeroes start reading as 1s. The only specialised equipment you need is a positive pressure cleanbox, a screwdriver and the ability to issue low-level disk reads. The actual data recovery is none to poor (older, lower density disks are more successful, and ferric rather than cobalt), mostly just noise, but it is possible. That said, "layer" is misleading, and overwriting with random rather than zero data pretty much puts recovery to zero (if it's truly random).
The majority of people who are careless enough to lose a USB key are going to be the sort who are careless enough to not encrypt the stuff.
To be honest though USB keys aren't the kind of thing I'd keep data I was worried about keeping private in the first place.
I find it difficult to know how to encrypt a key. There is software you can get that you put on the key, but this becomes a problem if the key needs to be read by different OSes; the software won't work on all of them.
I think it is time for a key encryption standard that is automatically enabled and requires a password when a key is first plugged in and is protected from there on in. The software would be multi-OS and relatively easy to wipe the key with if so required (like when you reset a phone).
If all key manufacturers were required / or agreed to do this then the problem of data protection goes away. You would actually be doing something against the data protection act if you hacked into a key, much the same as if you hacked into someone's private accounts.
Whether or not people use sensible passwords though is then another matter.
TrueCrypt for cross platform, but with the complication that it requires admin rights on Windows to mount the volume. However, for most users, Windows 7's BitLocker should suffice. No admin needed, and most people are, unfortunately or fortunately depending upon your allegiances, Windows users at work and likely at home.
Can I suggest that the sample size is biased somewhat there.
In that, the sort of person who doesn't take the time and effort to encrypt/secure a USB stick is also the sort that won't take the effort to check the thing is still in their pocket. Indeed, the fact that they haven't been reclaimed suggests they haven't been missed for long enough to make identifying when they went missing impossible.
I've "lost" USB sticks but never in a public place and never with anything important on them.
So it has to wipe USB keys that it never owned before selling them.
Does it also have to shred any lost paperwork ?
Or should the person handing the lost key in be responsible for wiping it first?
What if it decided that this was all too much trouble and just threw any lost property in the rubbish - would it be fined then?
What was the point of the sale? Seriously, does RailCorp think there is a pot of gold at the end of the lost USB stick rainbow when an 8GB stick is $20, a 4GB is around $10 and smaller capacities are unavailable?
The fact that the lot of USB sticks sold for TWICE the cost of new, larger capacity sticks (!!!) shows that there is interest and profit to be made from lost private data, and in this instance no doubt all of it of the criminal variety. RailCorp should be done for aiding and abetting a criminal enterprise.
They are far better off avoiding the problem and destroying them with the cost effective hammer + bin solution.
If you lose a USB stick then I don't think it's anyone else's business saving your sorry ass.
If the data is sensitive (the wife in her knickers ... or somebody else's knickers) then use an encrypted USB stick for heavens sake ... don't come whining to me because you lost it and someone else found it.
If I had lost my USB stick, and they got it, they might say it was unencrypted because all it has on it is a single apparently naked Zip-type file.
You have to try to open that before you realise that it actually contains only a single, encrypted, Zip-type file. It's only when you open the encrypted file that you can see the folder metadata.
And that's not too easy. I hope
Better not to lose it, though