The article highlights BlackBelt, which has just enhanced its data wiping product to include Apple (AAPL) and Google (GOOG) Android tablets explained the difficulty to the author. “Solid-state memory uses a technique called wear leveling to maximize the life expectancy of the memory chips.” BlackBelt’s business development manager Ken Garner told Infosecurity, “It works by spreading the binary information (0s and 1s) randomly across all the memory cells in the chip. This means that unlike on spinning disk memory, the location of the data on the user interface bears no relation to where it is stored on the drive, making traditional forms of deletion ineffective.”
BlackBelt says end-users can’t data wipe their phones, “it isn’t possible for an individual to perform a full removal of personal data from any smartphone or tablet using a device’s in-built factory reset or by re-flashing the operating system.” the vendor explains to Help Desk Security that wear leveling will, “over-rule instructions to permanently overwrite old data.”
Solid-state memory wear leveling
Because of ‘wear leveling, neither remote wipes nor factory resets are guaranteed to remove all the data from solid-state memory. The blog points out that a low-cost product called Wondershare, can recover data from solid-state memory. Mr. Garner claims the software, “recovers just about everything after either a factory reset or a local (phone operating system) delete.”
When a tablet is retired it is incumbent on the company to make sure that all data held on the device is adequately deleted. One problem, says Garner, is that “Many data wiping solutions, more often than not, have been “…re-purposed from data wiping solutions for traditional hard disk drives,” and that simply doesn’t work on solid-state memory.
Three-stage process to wipe SSM
DataWipe, uses a three-stage process: first writing 0s in every memory cell, secondly writing 1s in every cell, and thirdly writing random 0s and 1s across every memory cell. The result, he claims, is guaranteed data erasure that can also provide audit, compliance, and reporting data in an industry-standard XML format that is easily exchanged with all the major DLP, SIEM, policy management, and mobile device management solutions solving both the technical difficulties around tablet recycling.
Wiping data from a PC or a first-generation Apple iPad that is being retired is important because of the enormous amount of data they can store. This makes the proper destruction of that data on the device essential before it leaves the organization. Unfortunately, IT asset disposition firm Retire-IT sees that many firms simply swap the devices with new ones or merely format the drives without securely wiping the data. The Columbus, OH-based firm says this leaves organizations vulnerable. Kyle Marks, CEO of Retire-IT told Help Net Security that:
99% of problems happen before a disposal vendor touches equipment. No vendor can destroy data if they don’t receive an asset, which is why we strongly encourage clients to destroy data before any move. Better safe than sorry. Of course, disposal vendors should destroy data (again) regardless
Retire-IT looked at tracking data from 1,072 corporate disposal projects encompassing 233 different companies and reported some shocking figures:
- 4 out of 5 projects (81.5%) had at least one missing asset.
- 1 out of 8 (11.6%) had a negative variance. The devil is in the details, but nobody looks very closely.
- Only 79% of the serial numbers were matched with subjective matching.
- Without subjective matching, only 58% of serial numbers were matched.
Sanitize IT equipment
Help Net Security offers some suggestions to help sanitize IT equipment:
Computers – Derik Boot and Nuke Linux Live CD for full disk wiping. It supports many types of wiping, including the DoD 5220.22-M method with 3 passes.
Starting with Windows Vista (and Windows 2008 Server), the Microsoft OS overwrites the contents of each sector when you do a Slow Format on your media. They recommend Microsoft’s SDelete for wiping files on Windows.
For Apple OS X there’s the Disk Utility.
On Linux use the “wipe”, “srm” or “shred” commands to securely sanitize files on most distributions.
Printers and copiers – Consult the manual to find out how to clear the memory or use third-party software to wipe the hard drive. Which I covered here
Mobile devices – Wired recommends a hammer and don’t forget to remove the SIM card.
Related articles
- BYOD: Preventing Breaches Can Be A Challenge (healthsecuritysolutions.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Do you remember Oldsmobile? The BusinessInsider documented what I have sensed for a while. Windows is playing less of a role at Microsoft (MSFT). When was the last time something came out of the Windows camp that fired us up? BI notes that for a long time, Microsoft was a company whose success or failure was built around Windows. While Windows is still the heart and soul of Microsoft, it’s becoming a smaller part of its earnings.
This chart from BI shows Windows operating income as a percentage of its overall operating income versus its overall operating income. The total operating income is slowly growing, while the Windows percentage of the total is slowly decreasing.
There is a SkyDrive Pro client application, but at this point, it’s available only as part of the 
Mr. Hassell concludes that the idea behind both SkyDrive services is the same—a place to store documents, files, and other things so they’re available from multiple places. But SkyDrive Pro is clearly oriented at businesses and provides enterprise features that are useful for collaboration, while SkyDrive Free is a consumer service available to anyone, for free, across different platforms.
Ellen DeGeneres recently 
Sophos offers a 
Loading ...