Langa Letter: The "Dead Drive" Security Loophole - InformationWeek
Hardware & Infrastructure
04:45 PM
Fred Langa
Fred Langa

Langa Letter: The "Dead Drive" Security Loophole

You may get a nasty surprise if you send your system out for repairs! Consider your options.

Any time you return a system or hard drive for repair, resell it, hand it down, discard it, or otherwise place it in someone else's hands, you're potentially giving that person access to everything on the drive, including files that you thought were deleted, reformatted, or overwritten.

Reader Andy Nelaimischkies recently encountered this little-discussed but major security problem:

"Hi Fred: I recently had a new hard drive fail due to apparent motor failure. I returned it for another one but afterwards I was thinking: What's to prevent someone from fixing it and accessing my personal data at a later date? Is there a way to erase a drive before returning it for a replacement? Am I being too paranoid?"

No, that's not paranoia! While this case--a dead motor--would have presented some unusual challenges to a snoop, in most cases it's amazingly easy to recover data from old hard drives, even if they've been "erased" or reformatted. (And in Andy's case, he never had the chance to do even that; his data was intact, exactly as it was when the drive died!)

Whenever a hard drive changes hands for any reason, there's absolutely nothing (except the imperfect protection of the honesty and ethics of others) to prevent the new owner of the drive from gaining access to whatever was on it. Your business plans, E-mail, tax records, passwords, and any private or confidential information may all be up for grabs, even if you've deleted the files or reformatted the disk.

Ironically, even persons and organizations that exercise good security practices during the normal life of a system or hard drive may not pay enough attention to security during repair operations or at the end of a system's life.

False Security
You probably already know that erasing or deleting a file normally doesn't really erase or delete much of anything: Rather, when you erase or delete a file, the file system simply changes the directory entry and marks the file's area as available for reuse. The original file contents are still there on the hard drive, essentially intact. Eventually, as the hard drive gets used, the original file may be overwritten with other data, but on today's huge hard drives, that can take quite a while.

Plus, some operating system components and add-on utilities may work in the background to actively preserve your deleted files. In normal operation, for example, the Windows Recycle Bin only pretends to delete files. What really happens is the Recycle Bin subsystem quietly copies the file, intact, to a special directory from which it can easily be recovered. Even when you empty the Recycle Bin, the deleted file still isn't really gone, because the normal OS-level deletion operation kicks in and simply marks the file area as "ready for reuse." Once again, the data remains intact on the disk until and unless it's eventually overwritten.

Similarly, Windows ME (and probably the forthcoming XP) have a System Restore function that saves and can restore certain kinds of files, even if they've otherwise been totally erased.

And--this comes as a surprise to many users--even a full reformat doesn't actually erase all the data on a drive: Instead, the format operation simply writes a new file allocation table and sector information. Much of the old data on the drive is still there, intact.

1 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll