Langa Letter: The "Dead Drive" Security Loophole - InformationWeek
Hardware & Infrastructure
04:45 PM
Fred Langa
Fred Langa
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Langa Letter: The "Dead Drive" Security Loophole

You may get a nasty surprise if you send your system out for repairs! Consider your options.

Any time you return a system or hard drive for repair, resell it, hand it down, discard it, or otherwise place it in someone else's hands, you're potentially giving that person access to everything on the drive, including files that you thought were deleted, reformatted, or overwritten.

Reader Andy Nelaimischkies recently encountered this little-discussed but major security problem:

"Hi Fred: I recently had a new hard drive fail due to apparent motor failure. I returned it for another one but afterwards I was thinking: What's to prevent someone from fixing it and accessing my personal data at a later date? Is there a way to erase a drive before returning it for a replacement? Am I being too paranoid?"

No, that's not paranoia! While this case--a dead motor--would have presented some unusual challenges to a snoop, in most cases it's amazingly easy to recover data from old hard drives, even if they've been "erased" or reformatted. (And in Andy's case, he never had the chance to do even that; his data was intact, exactly as it was when the drive died!)

Whenever a hard drive changes hands for any reason, there's absolutely nothing (except the imperfect protection of the honesty and ethics of others) to prevent the new owner of the drive from gaining access to whatever was on it. Your business plans, E-mail, tax records, passwords, and any private or confidential information may all be up for grabs, even if you've deleted the files or reformatted the disk.

Ironically, even persons and organizations that exercise good security practices during the normal life of a system or hard drive may not pay enough attention to security during repair operations or at the end of a system's life.

False Security
You probably already know that erasing or deleting a file normally doesn't really erase or delete much of anything: Rather, when you erase or delete a file, the file system simply changes the directory entry and marks the file's area as available for reuse. The original file contents are still there on the hard drive, essentially intact. Eventually, as the hard drive gets used, the original file may be overwritten with other data, but on today's huge hard drives, that can take quite a while.

Plus, some operating system components and add-on utilities may work in the background to actively preserve your deleted files. In normal operation, for example, the Windows Recycle Bin only pretends to delete files. What really happens is the Recycle Bin subsystem quietly copies the file, intact, to a special directory from which it can easily be recovered. Even when you empty the Recycle Bin, the deleted file still isn't really gone, because the normal OS-level deletion operation kicks in and simply marks the file area as "ready for reuse." Once again, the data remains intact on the disk until and unless it's eventually overwritten.

Similarly, Windows ME (and probably the forthcoming XP) have a System Restore function that saves and can restore certain kinds of files, even if they've otherwise been totally erased.

And--this comes as a surprise to many users--even a full reformat doesn't actually erase all the data on a drive: Instead, the format operation simply writes a new file allocation table and sector information. Much of the old data on the drive is still there, intact.

1 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll