Langa Letter: The "Dead Drive" Security Loophole - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Hardware & Infrastructure
Commentary
2/16/2006
04:45 PM
Fred Langa
Fred Langa
Commentary
50%
50%

Langa Letter: The "Dead Drive" Security Loophole

You may get a nasty surprise if you send your system out for repairs! Consider your options.

Any time you return a system or hard drive for repair, resell it, hand it down, discard it, or otherwise place it in someone else's hands, you're potentially giving that person access to everything on the drive, including files that you thought were deleted, reformatted, or overwritten.

Reader Andy Nelaimischkies recently encountered this little-discussed but major security problem:

"Hi Fred: I recently had a new hard drive fail due to apparent motor failure. I returned it for another one but afterwards I was thinking: What's to prevent someone from fixing it and accessing my personal data at a later date? Is there a way to erase a drive before returning it for a replacement? Am I being too paranoid?"

No, that's not paranoia! While this case--a dead motor--would have presented some unusual challenges to a snoop, in most cases it's amazingly easy to recover data from old hard drives, even if they've been "erased" or reformatted. (And in Andy's case, he never had the chance to do even that; his data was intact, exactly as it was when the drive died!)

Whenever a hard drive changes hands for any reason, there's absolutely nothing (except the imperfect protection of the honesty and ethics of others) to prevent the new owner of the drive from gaining access to whatever was on it. Your business plans, E-mail, tax records, passwords, and any private or confidential information may all be up for grabs, even if you've deleted the files or reformatted the disk.

Ironically, even persons and organizations that exercise good security practices during the normal life of a system or hard drive may not pay enough attention to security during repair operations or at the end of a system's life.

False Security
You probably already know that erasing or deleting a file normally doesn't really erase or delete much of anything: Rather, when you erase or delete a file, the file system simply changes the directory entry and marks the file's area as available for reuse. The original file contents are still there on the hard drive, essentially intact. Eventually, as the hard drive gets used, the original file may be overwritten with other data, but on today's huge hard drives, that can take quite a while.

Plus, some operating system components and add-on utilities may work in the background to actively preserve your deleted files. In normal operation, for example, the Windows Recycle Bin only pretends to delete files. What really happens is the Recycle Bin subsystem quietly copies the file, intact, to a special directory from which it can easily be recovered. Even when you empty the Recycle Bin, the deleted file still isn't really gone, because the normal OS-level deletion operation kicks in and simply marks the file area as "ready for reuse." Once again, the data remains intact on the disk until and unless it's eventually overwritten.

Similarly, Windows ME (and probably the forthcoming XP) have a System Restore function that saves and can restore certain kinds of files, even if they've otherwise been totally erased.

And--this comes as a surprise to many users--even a full reformat doesn't actually erase all the data on a drive: Instead, the format operation simply writes a new file allocation table and sector information. Much of the old data on the drive is still there, intact.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll