“Two-Thirds of Second-Hand Memory Cards Contain Data From Previous Owners”, by Catalin Cimpanu at BleepingComputer.com drops some unsettling news: two-thirds of used media cards contain personal data – from personal information to nudes. Researchers from the University of Hertfordshire purchased 100 used memory cards and examined them to see what data was left behind. Of those cards, only a third had been wiped using a tool that overwrote the storage. Another third had been erased but not wiped – data was easy to recover using free utilities. Worst of all, previous owners of the final third had made no attempt to delete their data.
This isn’t the first time a study has shown that data destruction is an often-overlooked detail:
Photocopiers – that’s right, they have hard drives
Arkansas Democratic Party – Official’s friend sold a “dead” drive on eBay
You and I might use dd or the Sysinternals SDelete utility to sanitize our media before disposing of it. Simple – open a terminal window, carefully select (and double, triple-check) that useless 2gb memory card and let the erasing begin. But what can the average user do to prevent accidental disclosure of their sensitive information to Strangers on the Internet?
Data Confidentiality Tips:
Use Full Disk Encryption (FDE) whenever possible.
Modern operating systems have brought FDE to the masses with streamlined, GUI-driven processes and background operation. The performance hit from using encryption has been largely mitigated by AES instructions baked into chipsets and the proliferation of Solid State Drives. One of the biggest benefits to FDE is that it’s largely set-and-forget. If you’re on a train and leave your laptop behind or you put your laptop on eBay, you can rest easy knowing that your data is protected from prying eyes by a strong password (no Password01 or Monkey123 here, folks) and AES encryption. These utilities can also encrypt removable media like USB flash and hard drives.
Windows: Bitlocker
OS X: FileVault
iOS: Filesystem Encryption
Linux: Linux Unified Key Setup (LUKS)
Android: Filesystem Encryption
Securely Wipe Media.
While FDE will protect you in many scenarios, it also relies on the integrity of the encryption algorithm and the strength of your password. Technology and research advance relentlessly and today’s state-of-the-art becomes tomorrow’s 3DES and MD5. Take advantage of these free, user-friendly tools to sleep easy:
Windows: BleachBit
OS X: Disk Utility
iOS: Erase Your Device
Linux: BleachBit
Android: Wipe Your Device
Don’t Sell Your Media – Destroy it.
As a frequent eBay-er, I bargain-hunt new hardware and try to get every penny out of decommissioned parts. But consider this: non-volatile storage media is cheaper than ever before and, more importantly, new parts come with a warranty. Is it worth recouping a few bucks, knowing that your Compact Flash card is out there in someone else’s hands? This Cambridge study on data remanence will make you think twice. The truth is: no matter what you do, there is always a chance that sensitive data remains on storage media. The only solution? Nuke it from orbit, just to be sure. Use your creativity here but stay safe. The goal is to physically destroy the media, like drilling holes through a hard drive or smashing a USB drive with a sledgehammer.
In Summary:
Every computer user can take a few simple steps to protect their data from theft, and accidental disclosure by taking three simple steps:
Step 1: Encrypt your data
Step 2: Sanitize media before disposal
Step 3: Give your media a Viking funeral
Worth it.
Grit City Security 