{"id":44724,"date":"2013-05-14T22:16:02","date_gmt":"2013-05-15T02:16:02","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-16T21:05:45","modified_gmt":"2021-08-17T01:05:45","slug":"did-you-wipe-your-tablet","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/did-you-wipe-your-tablet\/","title":{"rendered":"Did You Wipe Your Tablet?"},"content":{"rendered":"

\"Did<\/a>Techno\u00a0prognostication firm IDC<\/a> says (I think they are right on this one<\/em>) that worldwide sales of tablets will surpass desktop PCs and laptops by the end of 2014. This will result in a boomlet in the second-hand tablet market<\/strong> and a recent article<\/a> on Infosecurity<\/em><\/a> says that in response, firms will need to start data wipe their old tablets<\/strong> just as thoroughly as old hard disks to protect their data.<\/p>\n

\"take<\/a>The company is responsible for any company data held on the mobile device; no matter the flavor of BYOD<\/a><\/strong> practiced so it is the company that must take responsibility for removing data<\/strong> from the device before disposal. The Infosecurity<\/em> article says that ensuring that mobile device<\/a> solid-state memory is completely clean is technically difficult.<\/p>\n

Solid-state memory<\/h3>\n
\n

The article highlights BlackBelt<\/a>, which has just enhanced its data wiping<\/a> product to include\u00a0Apple<\/a> (AAPL<\/a>) and Google<\/a> (GOOG<\/a>) Android<\/a> tablets explained the difficulty to the author. \u201cSolid-state memory<\/a><\/strong> uses a technique called wear leveling<\/a><\/strong> to maximize the life expectancy of the memory chips.\u201d<\/em> BlackBelt\u2019s business development manager Ken Garner told Infosecu<\/em>rity,<\/em> \u201cIt works by spreading the binary information (0s and 1s) randomly across all the memory cells in the chip. This means that unlike on spinning disk memory, the location of the data on the user interface bears no relation to where it is stored on the drive, making traditional forms of deletion ineffective<\/strong>.<\/em>\u201d<\/p>\n

\"end<\/a>BlackBelt says<\/a> end-users can’t data wipe their phones<\/strong>, \u201cit isn\u2019t possible for an individual to perform a full removal of personal data from any smartphone or tablet using a device\u2019s in-built factory reset or by re-flashing the operating system.<\/em>” the vendor explains to Help Desk Security<\/em> that wear leveling will, “over-rule instructions to permanently overwrite old data.<\/em>\u201d<\/p>\n

Solid-state memory wear leveling<\/h3>\n

Because of \u2018wear leveling, neither remote wipes nor factory resets<\/strong> are guaranteed to remove all the data from solid-state memory<\/a><\/strong>. The blog points out that a low-cost product called Wondershare<\/a>, can recover data from solid-state memory. Mr. Garner claims the software, \u201crecovers just about everything after either a factory reset or a local (phone operating system) delete.<\/em>\u201d<\/p>\n

\"Many<\/a>When a tablet is retired it is incumbent on the company to make sure that all data held on the device is adequately deleted. One problem, says Garner, is that \u201cMany data wiping solutions<\/strong>, more often than not, have been “…re-purposed from data wiping solutions for traditional hard disk drives,<\/em>\u201d and that simply doesn\u2019t work on solid-state memory.<\/strong><\/p>\n

Three-stage process to wipe\u00a0SSM<\/h3>\n

DataWipe<\/strong>, uses a three-stage process<\/strong>: first writing 0s in every memory cell<\/a>, secondly writing 1s in every cell, and thirdly writing random 0s and 1s across every memory cell. The result, he claims, is guaranteed data erasure<\/strong> that can also provide audit, compliance, and reporting data in an industry-standard XML format that is easily exchanged with all the major DLP, SIEM<\/a>, policy management, and mobile device management<\/a> solutions solving both the technical difficulties around tablet recycling.<\/p>\n

\"difficulties<\/a>Wiping data from a PC or a first-generation Apple iPad that is being retired is important because of the enormous amount of data they can store. This makes the proper destruction of that data on the device essential before it leaves the organization. Unfortunately, IT asset disposition firm Retire-IT<\/a> sees that many firms simply swap the devices with new ones or merely format the drives without securely wiping the data. The Columbus, OH<\/a>-based firm says this leaves organizations vulnerable.\u00a0 Kyle Marks, CEO of Retire-IT told<\/a> Help Net Security<\/em> that:<\/p>\n

99% of problems happen before a disposal vendor touches equipment. <\/em>No vendor can destroy data if they don’t receive an asset, which is <\/em>why we strongly encourage clients to destroy data before any move. <\/em>Better safe than sorry. Of course, disposal vendors should destroy <\/em>data (again) regardless<\/em><\/p>\n

Retire-IT looked at tracking data from 1,072 corporate disposal projects encompassing 233 different companies and reported some shocking figures:<\/p>\n