Wear-leveling privacy risk and SSDs?

What is current thinking about privacy risk of SSDs and other flash-based drives, compared to disk HDDs?

You can easily overwrite sectors with zeros or garbage on disk HDD to secure erase files, but with SSDs and wear-leveling is it possible to get all the bits of data? And consider effect of constantly writing secure-erase data on lifespan of SSDs.

There was a lot of discussion about this when the SSDs were newer maybe 3 or 4 years ago.
But with improved SSD technology, what is current feeling?

I am thinking for next laptop to get SSD internal drive, but maybe security-wise it is not such a good idea.

 

SSD's TRIM or 'Wear Level' by overwriting any deleted data with (I think) zero's...letting the controller know that the cell is ready to be written to again. So that in itself is better than HDD's just removing the pointer to the file in the file system. But supposedly, you can't guarantee that any secure deletion tool will get all the bits, or if the controller will swap cells out, so that is a downside. Now HDD's can do the same if they come across bad sectors (swap out)...and you can't get to those either unless you use something like BCWipe Total Wipeout.

There is this: -http://news.techworld.com/security/3263093/ssd-fimware-destroys-digital-evidence-researchers-find/-

As usual, fully encrypting a brand new SSD before use, should eliminate any worries.

I use BCWipe with Transparent Wiping and haven't noticed any decreased life on a Vertex 2 yet.

The TC docs caution against SSDs, but the experts in the forum see no problem with SSDs.

It's an interesting topic for sure, and I'd like to see a definitive study done with current hardware.

PD

 

Actually, what I am more worried about is something that is mention in another article that there is a link to in the article you link to.

http://news.techworld.com/storage/3262210/ssd-drives-difficult-to-wipe-securely-researchers-find/

I am not worry so much about secure erasing / reformatting a whole SSD. I am concern about leaving traces of data behind when I try to secure erase just individual files, not the whole SSD.

 

But with FDE, neither of those scenarios (reformatting a whole SSD, secure erase individual files) should pose a threat...or am I forgetting something?

 

This is true. But best security has more than one layer.

If you make everything depend on only the encryption, then if the encryption is broken or if the computer is access while running, the data is vulnerable.

 

I can recommend reading this :

Abstract : TRIM is 'secure delete' ..

 

There are two sides to the coin regarding SSD. It also makes forensics very difficult. One researcher calls garbage collection on SSD drives "the ultimate anti-forensics tool":

http://forensic.belkasoft.com/en/why-ssd-destroy-court-evidence

http://news.techworld.com/security/3263093/ssd-firmware-destroys-digital-evidence-researchers-find/

http://security-forensics.co.uk/forum/viewtopic.php?f=12&t=544

http://www.forensicswiki.org/wiki/Solid_State_Drive_(SSD)_Forensics

http://www.jdfsl.org/subscriptions/JDFSL-V5N3-Bell.pdf

 

Would Secure wiping with the Gutnam method, then installing a new OS, and then encrypting before writing any new information achieve the same effect?

 

What's wrong with using the SSD's built-in 'secure erase' ?

35 Gutmann-passes is pointless, also on SSD's ...

 

Interesting informations.
The King article show that which OS you use is very important. Windows 7 support TRIM so the SSDs with Windows 7 wiped the files. Windows XP and Ubuntu (King article from 2011) did not!
The Gubanov article (from October 2012) also says "SSDs self-destroy court evidence, making it difficult to extract deleted files and destroyed information (e.g. from formatted disks) close to impossible. . .Old versions of Windows, Mac OS and Linux do not support SSD's garbage collection mechanisms, and are also exceptions."
So SSDs might be more secure in some way than disk HDD, but only if you use the right OS!

Also, the Gubanov article mention how encryption software can hide the data from the TRIM command. "Somewhat counter-intuitively, information deleted from certain types of encrypted volumes (some configurations of BitLocker, TrueCrypt, PGP and other containers.) may be easier to recover as it may not be affected by the TRIM command. Files deleted from such encrypted volumes stored on an SSD drive can be recovered (unless they were specifically wiped by the user) if the investigator knows either the original password or binary decryption keys for the volume." And TRIM does not work fully in Windows if not using NTFS file system.

The King article (again 2011, so maybe it is different now) also show that success of data recovery depend on which SSD being used. They are not equal!
The Corsair, Crucial and OCZ SSDs even with TRIM did not completely erase all the data but the Intel SSDs with TRIM did.

The King article also show data recovery was much more easy for small size files (900kB) than for large size files (650MB).

 

Anyone know if most of the popular linux distro today fully support TRIM?
Like Ubuntu, Mint and for security TAILS and Liberte?

 

Seems default Linux does not support TRIM.
In Ubuntu, user has to activate TRIM or it is not working.
http://ubuntuforums.org/showthread.php?t=2106852

TAILS Linux has warnings that secure erase maybe is not reliable on SSDs and USB flash drives.

https://tails.boum.org/doc/encryption_and_privacy/secure_deletion/index.en.html

 

I am surprise this subject does not receive more attentions.