How to safely get rid of their electronic devices
How to free the box from old phones, laptops and hard drives, without worrying about the fact that your data will fall into the hands of someone
The rapid development of technology in recent years directly affects the life expectancy of user electronics. Shortening the life cycle of device manufacturers' products is forced not only by economic reasons, but also by technology enthusiasts who want the latest and coolest gadgets.
Replacing phones and laptops every couple of years increases the risks associated with personal data and consumer safety, since many of them do not erase data from their devices properly before they sell or discard them. And you should not unnecessarily blame them for this, since it is safe to erase data from modern devices - the task is not as simple as it may seem.
Keep reading if you want to know why this is so, and how encryption can help reduce these risks. And what is better - to sell old devices or just destroy?
What is your threat rating?
To decide how to get rid of a laptop, phone or storage device without risking to compromise the stored data, you need to figure out who may be interested in this information and what tricks they will be prepared to go.
The recommendations of this article are aimed at users who want to protect their data from typical cybercriminals or curious buyers. Such individuals are unlikely to have the resources, skills, and interest in trying to conduct complex and time-consuming data recovery procedures. Costs are simply not worth the results.
Data cleansing is needed to reduce risks: what is the value of the data you are trying to destroy, and what are the resources of someone who can try to access it?
“For most users, it will probably be enough to make sure that they do not represent too easy prey; that the cost of the data recovery attempt will be much greater than the value of the data, and it will be much easier to sell the device for parts or return it to the system, ”said Gregware, the data recovery company whose services are used by Dell, Gregware Research and Development Director [Greg Andrzejewski] , Western Digital, and other technology companies.
On the other hand, in the case of political activists operating under conditions of repression by the government, or directors of large corporations, the resources and motivation of people who can target their data will be very different from what ordinary consumers face. In such cases, it is better not to sell old devices and not to give them to recycling centers, which can restore them and put them back into operation.
“The user has to decide: what can happen badly if someone gets access to some of my data?” Said Nathan Little, director of product development at Gillware Digital Forensics, a division of Gillware. “Is it worth selling the phone for $ 50 or will it be safer to store it or physically destroy and throw it away?”
Before discussing data destruction, you need to talk about encryption, because the best way to minimize the risks associated with personal data when selling a laptop, mobile phone, or other computing device is to enable disk encryption or storage at the beginning of using devices.
This ensures that even if data remains on the device, when you get rid of it, it will be useless for someone who does not have an encryption code or password that reveals this code. And, of course, encryption will protect your data in case of theft or loss of the device.
All major operating systems support full disk encryption. MacOS has FileVault, Linux has LUKS (Linux Unified Key Setup-on-disk-format), Windows has BitLocker in Pro and Enterprise versions, and a limited version of Device Encryption in Windows Home, if the device has a special Trusted Platform cryptochip (TPM) 2.0. There are also third-party open source products like VeraCrypt that can encrypt external disks and main disks running the OS.
Some of these solutions encrypt the primary encryption key with the password of the user with whom he logs in, or with a separate password that must be entered at boot time, and store it in a special place on the disk. Therefore, it is important to use long code phrases that are difficult to guess, and which cannot be easily cracked using brute force methods.
It also means that you still have to clean the disk before selling or processing. This will help ensure that the password-protected encryption key is deleted and the data is lost forever.
Some storage devices provide automatic encryption using special chips and firmware, and encrypt data before writing to disk. However, such encryption options do not have source code and do not publish documentation, so it’s hard to know if they work correctly.
In the studyFrom 2015, several external hard drives from Western Digital that provide encryption revealed several serious flaws that could allow an attacker to recover data or encryption keys. The drives used USB bridge controllers involved in encryption made by other companies - so this problem is not limited to a single manufacturer.
The conclusion is: even if you have a disk with encryption, it may still be a good idea to use other encryption over existing ones. The encryption systems of modern operating systems have been widely used and studied by many security experts for several years. VeraCrypt, a branch of the now abandoned TrueCrypt project, was also verifiedsecurity specialists.
Even if you have just realized the importance of disk encryption, it’s not too late to turn it on right now. The faster you turn it on, the less likely it is that someone will be able to recover data from your device after you have sold or taken it for recycling.
Make sure that you keep recovery keys from your cryptographer in a safe place, and also regularly make backup copies of important files, preferably on a separate encrypted disk. If your disk fails before you get rid of it, no company will help you recover data unless you have recovery keys for encrypted partitions.
We erase data from hard drives
Hard disks store data on rotating disks coated with magnetic material. They have been a standard type of drive in the computer industry for many decades, and are well known, so many methods of cleaning, that is, safe data deletion, exist for them.
In the ATA specification, the standard interface between computer and disk, there is even a SECURITY ERASE UNIT command , better known as Secure Erase, which can be realized by hard disk and solid-state drive (SSD) manufacturers. Performing the Secure Erase command on the HDD or SSD will erase the data in all the cells and return the disk to the factory state.
First, it should be noted that the quick format offered by default in Windows does not destroy all data. It only clears the file system, the index of records where information about files and their physical location on the disk is stored. Fast formatting marks physical locations as free space available for reuse, but old data will remain in the physical sectors until they are slowly overwritten in the future by other programs. Therefore, fast formatting cannot be considered data cleaning for devices that are going to be disposed of.
Microsoft offers the opportunity to overwrite all sectors of the disk with zeros, which makes it practically impossible to recover useful data, or at least commercially unprofitable, for recovery companies. This is the command line utility Diskpart and its option “clean all”.
To use Diskpart on the main disk where the OS is installed, you need to boot from the Windows installation media (CD or flash drive) and enter into recovery mode . After that, you need to select the command line and enter “diskpart”.
The “list disk” command will list all available disks with numbers (0, 1, and so on) defining them. Once you have determined the disk you want to erase, enter “select disk #”, where # indicates the disk number. Then enter “clean all” and be patient, because this operation can take a very long time.
Make sure you select the correct disk, because this operation is irreversible. Also note that executing a single clean command, without the all parameter, will destroy only the first sector of the disk containing partition information, but will not overwrite all sectors with zeros.
HDD manufacturers release their own special diagnostic programs, for example, Seagate SeaTools or Western Digital Data Lifeguard Diagnosticswho are able to safely erase data by filling disks with zeros.
Such utilities from manufacturers usually come in two versions - to install and run on Windows, and to run on DOS, when booting from a bootable CD or flash drive. To erase a disk containing the operating system, the latter is required, since you cannot erase the HDD from within the operating system.
To create bootable CDs or flash drives and write these utilities to them, you will have to follow the instructions attached to these utilities. However, there is a simpler way: there are bootable CDs supported by a community of enthusiasts that already contain sets of programs for recovery, administration and diagnostics, including utilities from HDD manufacturers, which in our time are sometimes difficult to get, because some manufacturers have been bought by others, after which their old sites and download links have stopped working.
One example is the actively updated Ultimate Boot CD (UBCD) project, and it can be burned to USB with programs like Rufus or Universal USB Installer. It also contains the popular Darik's Boot and Nuke (DBAN), a third-party data erasure program that supports more complex data deletion procedures — for example, those described in the cleaning instructions from the US Department of Defense and other government agencies.
These standards require erasing sensitive information, such as confidential data, by overwriting the entire disk in several passes and using different data sequences, but this can take a lot of time and is likely to be overkill for the average user.
Disk Utility on MacOS (formerly OS X) provides several options for erasing data from a disk in the Security Options section, including multi-pass rewriting that meets the DoD 5220.22-M specification.
On MacOS, it can be found in the / Applications / Utilities / section and used to erase external drives. To clean the disk with the system boot volume, users can boot into Recovery mode and run the program from there. For SSD safe erase is not provided.
Solid-state drives (SSD)
In many modern laptops, for example, MacBook or ultrabooks under Windows, SSDs replace the usual HDD, which is why our task is a bit more complicated. These drives do not store data on magnetic disks, but on flash memory chips, and use complex storage management algorithms, due to which traditional methods of erasing and filling with zeros become less reliable.
The SSD has an internal table that maps logical blocks of addresses (LBA) to pages, or rows of physical cells in a memory chip. A block can consist of several pages, up to 256 pieces.
When an application needs to overwrite existing data, the SSD does not update the same physical pages. It writes new data to the blank pages, because it is faster, and also levels out the wear of memory cells. Then the LBA table is updated so that the programs can see the new version of the data in the same place as before.
Because of this trick, old versions of the data remain intact on pages that are marked as “previously used” [stale]. They will eventually be cleared when other pages in the same block are used, or when data from them are deliberately transferred to blank pages in other blocks.
This process is called garbage collection and is necessary in order to be able to erase whole blocks and re-start them in work. This is also one of the reasons why SSD has reserves of extra empty blocks, and why the TRIM command was introduced, allowing the OS to inform the SSD about incorrectly working pages.
For most consumers, the simplest solution for erasing an SSD will be to identify its manufacturer and model, and then use the utility provided by the manufacturer that will launch an internal safe removal procedure ( Intel , Samsung , Toshiba OCZ , SanDisk , Kingston , Crucial , Western Digital , Seagate , Corsair , Plextor ). As in the case of the HDD, this procedure must be run outside the OS, and it will be executed by the firmware.
Most applications for working with SSD require installation under Windows, after which it is proposed to create a bootable USB with a program that will safely destroy data.
Third-party software that gives the ATA Secure Erase command for HDD and SSD is Parted Magic , a once free partition management program, which is now being asked for $ 11, and HDDerase , a DOS utility originally developed at the California Memory and Records Center. The University of San Diego, however, was not updated in 2008, as a result of which it may not work with modern drives.
HDDerase and the latest free version of Parted Magic from 2013 are present on the Ultimate Boot CD mentioned above. Parted Magic is better, it offers a graphical interface, but the latest free version has some known problems that could cause the drives to become brick - these problems were fixed only in later versions. Also for ATA Secure Erase, you can use the hdparm utility for Linux, but using it is rather painstaking.
It is important to remember that when using the ATA Secure Erase command, you must set a password for the disk. Choose something simple that is easy to remember, and do not use an empty password, as some BIOSes do not recognize such passwords and will not allow you to use the disk in the future.
It is also not recommended to run a secure erase of external USB-connected drives, as some of the interfaces may not support this command, and some people reported turning external drives into brick.
An alternate SSD rewrite can be an alternative to secure erasure, but such an operation can take several hours or even days, depending on the size of the drive, and is not always reliable. There is also a risk of disk failure due to overload.
The options for secure erasing HDD from macOS Disk Utility are not suitable for SSD. At Apple , the documentation states that these options are “not needed for SSDs, since standard erasing makes it difficult to recover data from SSDs”.
However, difficult - does not mean impossible, therefore, the company recommends enabling FileVault encryption at the beginning of the use of SSD.
Using tools to erase the data offered by drive manufacturers, and especially the implementation of the Secure Erase command, would be the safest option, since these companies should know best how their products work. However, over the years of using these programs, several reports have been collected about their incorrect work.
In 2011, researchers from the University of California at San Diego decided to study the effectiveness of common SSD data cleaning techniques and found serious problems with the implementation of the ATA Secure Erase team. Of the 12 tested SSDs from various manufacturers, only 8 supported this command, and only 4 performed it in a reliable way.
On two of these drives, attempts to execute the command returned an error, and only the first block was deleted. To make matters worse, one disc reported the success of a command, without erasing anything at all.
The study also found that a complete double rewrite of the SSD made it possible to quite well clean up most, but not all of the drives. For example, the researchers were able to restore a gigabyte of data, or 1% from one of the verified drives, even after 20 overwrites, using special equipment connected directly to the memory chips.
The file-based cleanup, usually working for HDD, during which the physical location of the file was repeatedly overwritten with random data, turned out to be completely unsuitable for SSD. Researchers were able to recover from 4% to 75% of the contents of the files allegedly cleared by this method.
Stephen Swanson, director of NVM's laboratory at the University of California and one of the researchers who took part in the work, told me that the situation had to improve since 2011, in particular because their work attracted a lot of attention at one time and put pressure on SSD manufacturers. He believes that modern SSD from respected manufacturers should have normal implementations of the cleaning team.
“I would entrust the program from a reputable company with the task of cleaning my SSD before selling it,” he said.
After deletion, you can use live-Linux to check that there is no more useful data on the drive at a high level. Some small remnants of data may exist in memory chips, and in such a test will not be visible, but they are unlikely to be useful to cybercriminals.
Extraction of such information would require special equipment capable of reading information from flash chips bypassing the SSD controller, and a curious buyer or a casual cybercriminal will not conduct such an operation.
Another problem is that SSDs sometimes fail without warning, and not because of the deterioration of memory cells, which over time happens to all drives. Various experts, who carried out a thorough SSD check, told me that they had encountered situations in which the SSD simply stopped working and had to be thrown away.
“They have a bunch of electronic components inside,” Swanson said. “The software that works in SSD is very complicated, and if it is in a bad state, nothing can be done and the SSD just stops. Such a failure is much more likely than a flash chip failure. ”
Rutger Plak, the chief forensic expert from the Dutch company Fox-IT, told me that he and his colleagues had done some SSD erasure checks to see if they could be used for their work instead of the HDD — for example, to collect evidence from users’s computers. during court events and incident investigations. They decided to reject this idea due to reliability issues.
The goal was to see if the data could be recovered after a standard rewrite in several passes, which is often used to clean disks, Plak said. “Many SSDs broke when we tried to safely erase them or write too much data on them.”
With mobile devices, everything is in some sense simpler, although they also use flash memory with the same drawbacks of cleaning procedures as SSDs.
The latest versions of Android and iOS support encryption of the entire device, many include it by default, but this is a fairly new trend, and a large number of unencrypted phones are still being actively used, especially in the Android ecosystem.
Erasing Android Data
Android has the ability to return to the factory settings , erasing a section of data containing sensitive information, and settings for applications and operating systems. Phones with support for external microSD cards have the ability to erase and format external storage [as well as encrypt / approx. trans.].
Securely erase data from older devices on Android, do not support full encryption, is quite problematic, as shown in a study from 2015, conducted by the specialists of the University of Cambridge. They analyzed the effectiveness of the implementation of the factory reset function in 21 used phones with Android versions from 2.3 to 4.3, and found that they can recover emails, text messages, keys to access Google and other sensitive data.
Basic full encryption was added in Android 4.4, and improved in Android 5.0. However, it was not necessary to turn it on by default until version 6.0, and even then this requirement applied only to new devices bundled with this version, and not to old phones that received a software update.
The most inexpensive devices that do not support the Advanced Encryption Standard (AES) speeds above 50 Mbps do not include requirements for mandatory encryption, even in the latest version of Android 8.1. According to statistics , only 68% of phones that entered Google Play within 7 days of this July had Android version 6.0 or later installed.
Rutger Plak told me that during the years of the company’s existence, they had received many messages from people who had launched a return to the factory settings of Android devices, had sold them, and then discovered the theft of their personal information.
If the non-encrypting Android phone launches the factory reset, and you have access to its chip or card, then recovering the data is very simple, Plak said. “The Internet is full of data recovery software with a simple interface, and it is very useful for recovering accidentally deleted files. However, from the point of view of people who sell the phone and are unsuspecting, this is pretty scary. ”
“I’m afraid that if you have an old Android phone, I wouldn’t recommend selling it,” Ross Anderson, a professor of engineering security at the Computer Laboratory at the University of Cambridge, told me. “You need to be well-versed in the issue of erasing data, because a return to factory settings often does not work as it should.”
Plak agreed that selling an Android device is a bad idea, and that using full encryption is the best way to prevent data recovery for new devices. He also pointed out that it is important to put a strong password on the device, since the security of even encrypted data depends on it.
Wipe iOS Data
Apple, as the only manufacturer of iOS devices, fully controls this ecosystem and updates the iPhone and iPad users well to the latest OS versions. The company added full device encryption in iOS 8, and by default it is enabled. Also, starting with the iPhone 5S, the devices have a Secure Enclave security co-processor that handles cryptographic operations and stores the encryption key.
This dedicated processor prevents brute-force attacks on the phone's password, increasing the input delay after each failed password entry. There are devices sold to law enforcement agencies that supposedly know how to crack 6-digit passwords for up to three days, so users should consider using long alphanumeric passwords .
All iOS devices can be reset to factory state by connecting them to a computer and using Apple iTunes . They can also be erased without a computer , through the menu Settings> General> Reset menu.
If a mobile phone, hard drive or SSD contains very sensitive data, it is best not to sell them. The best choice will be to keep them in a safe place from which they cannot be stolen, or to carefully destroy them so that the data cannot be recovered.
There are companies that specialize in the destruction of storage devices, some of which even provide certificates of destruction, but their services are directed at corporations and can be quite expensive.
Destroying HDD is pretty simple. You can drill through holes or hammer a few nails into the body, which will damage the discs. Of course, during such operations you should always use protection.
Nathan Little of Gillware said that drilling holes, bending discs or splitting them into pieces can be considered very successful methods of destroying HDD.
“Data cannot be recovered in any commercial laboratory,” said Little’s colleague, Greg Andrzejevsky. “In theory, something can be read with very specialized equipment, such as a scanning electron microscope, but commercial laboratories, like us, are trying to fix the disks. We will not be able to recover anything from the HDD, whose disks are badly damaged. ”
The SSD has several memory chips, and all of them must be destroyed so that the data cannot be recovered. The usual 2.5 "SATA SSD has a protective case that needs to be removed to crush each chip. In the SSD form factor M.2, all the chips are visible and easier to destroy.
Although it may seem that everything is simpler with the phones, in fact they will require more effort, since the storage chips are integrated into their boards, and are well protected. To get to them, you have to disassemble the device - it is a painstaking process, the details of which vary from one model to another.
Modern phones are strong enough, so using fire to destroy them, as some recommend, would be a bad idea. First, you still need to disassemble and remove the built-in batteries, because they are dangerous to burn - there is a risk of explosion. Secondly, to damage the internal components will require a very hot and powerful flame.
“We had a case when the phone and the body burned in a barrel, and the phone melted beyond recognition - it was hard to say whether it was a phone or a wallet,” said Little. “It was a phone stub, and we still managed to pull out the chip and partially read it, determine whose phone it was, and read text messages and images from it.”
An alternative to erasing the data would be “physically destroying the device, carefully breaking it up to such an extent that the chip casing is broken apart,” Ross Anderson told me. “Another alternative would be to place the phone in sea water to a great depth, or to bury it where it is not found.”
But to break the phone in a metal case with a hammer will be quite difficult. If you decide to do this, it is recommended that you first remove the battery, so you still have to open the case of the phone first.