Establishing Digital Trust: Don't Sacrifice Security for Convenience
A recent study of 122 second-hand mobile devices, hard drives and solid state drives sold on Amazon, eBay and Gazelle.com found that fully 48 percent of the hard drives and solid state drives contained residual data, and 35 percent of the mobile devices held emails, call logs, text messages, photo and videos.
The study, conducted by Blancco Technology Group and Kroll Ontrack between May and August of 2015, found that while deletion attempts had been made on 75 percent of the drives and 57 percent of the mobile devices, they were unsuccessful due to the use of unreliable deletion methods.
In two cases, the information remaining on the mobile devices was sufficient to determine the original owners' identities.
"Whether you're an individual, a business or a government/state agency, failing to wipe information properly can have serious consequences," Blancco IT security consultant Paul Henry said in a statement. "One of the more glaring discoveries from our study is that most people attempt in some way or another to delete their data from electronic equipment. But while those deletion methods are common and seem reliable, they aren’t always effective at removing data permanently and they don’t comply with regulatory standards."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The big lesson for both businesses and consumers is to understand which deletion methods are effective and comply with regulatory standards and, most importantly, to be cautious of blindly trusting that simply 'deleting' data will truly get rid of it for good," Henry added.
On 11 percent of the drives containing residual data, only a basic delete had been performed (meaning the user had simply deleted the file or dragged it to the recycle bin), leaving 444,000 files exposed.
On 81 percent of drives on which a "quick format" had been performed, data was still present.
"The best method for securely erasing drives, especially SSDs, is the random overwrite method used by erasure software," the report notes. "Interestingly, only six percent of the hard disk drives and solid state drives in our study used this method. In each case, however, the random overwrite was 100 percent effective and resulted in zero data remaining on the drives."
A deletion attempt had been made on 57 percent of the mobile devices with residual data found on them, leaving 179 texts, 252 instant messages, 75 large photos and two SMS messages exposed.
In total, 2,153 emails and 10,838 messages (text/SMS/IM) were retrieved from the mobile devices analyzed.
"Manually deleting data or simply logging out of a mobile device app does not erase data from the device," Kroll Ontrack vice president of data recovery operations Todd Johnson said in a statement. "Deleting data simply hinders the ability for the mobile device to locate the data -- the actual data still remains and can be recovered."
"In the case of hard drives and solid state drives, formatting to securely delete data can lead to varying results, as each operating system performs the action differently," Johnson added. "To successfully delete data to a state where it cannot be recovered, one must completely overwrite the data using reputable deletion software."