Read a couple of stories this past week or so on securely erasing data but the one that caught my eye was about RunCore and their InVincible SSD. It seems they have produced a new SSD drive with internal circuitry/mechanisms for securely erasing data.
Securely erasing SSDs
Each InVincible SSD comes with a special cable with two buttons on it one for overwriting the data (intelligent destruction) and the other for destroying the NAND cells (physical destruction).
- In the erase data mode (intelligent destruction), device data is overwritten on all NAND cells so that the original data is no longer readable. Presumably as this is an internal feature even over provisioned NAND cells are also overwritten. Unclear what this does to pages that are no longer programmable but perhaps they even have a way to deal with this. There was some claim that the device would be rendered to factory new condition but it seems to me that NAND endurance would still have been reduced.
- In the kill NAND cells mode (physical destruction) apparently the device generates a high enough voltage internally to electronically destroy all the NAND bit cells so they are no longer readable (or writeable). Wonder if there’s any smoke that emerges when this happens.
Not sure how you insert the special cable because the device has to be powered to do any of this. It seems to me they would have been better served with an SATA diagnostic command to do the same thing, but maybe the special cable is a bit more apparent. The cable comes with two buttons one green and the other red (I would have thought yellow and red more appropriate).
But what about my other SSDs?
It’s not as useful as I first thought because what the world really needs is a device that could erase or kill NAND cells on any SSD drive. That way we could securely erase all SSDs.
I suppose the problem with a universal SSD eraser is that it would need to somehow disable wear leveling to get at over provisioned NAND cells. Also to physically destroy NAND cells would take some special circuitry. But maybe if we could come up with a standard approach across the industry such a device could be readily available.
I suppose another approach is to encrypt the data and throw away your keys but that seems to simple.
Or maybe just overwrite the data a half dozen or so times with random, repeating data patterns and then their complements. But this may not reach over-provisioned cells and with wear leveling in place all these writes could conceivably go to the same, single NAND page.
New approaches to securely erasing disk data
On another note at SNW early this year I was talking with another vendor and he said that securely erasing disk drives no longer takes multiple (3-7 depending on who you want to believe) passes of overwriting with specified data patterns (random, repeating patterns and complements of same). He said there was research done recently which had proved this but I could only find this article on [Disk] Data Sanitization.
And sometime this past week I had read another article (don’t know where) about a company shipping a device which degausses standard 3.5″ disk drives. You just insert a disk inside of it and push a button or two and your data is gone.
Why all the interest in securely erasing data?
It never really goes away. No one wants their data publicly available and securely erasing it after the fact is a simple (but lengthy) approach to deal with it.
But why isn’t everyone using data encryption? Seems like a subject for another post.
Image: Safe ‘n green by Robert S. Donovan