Mac fail: SSD security

Summary: Apple consumes 50% of the world's NAND flash - and their flagship OS can't securely delete SSD data. Isn't total control of the hardware and software supposed to improve integration?

SSDs, Mac OS X and data security don't mix. Not only does the standard file delete not delete files - which savvy readers already know - but even the Mac's "Secure Erase Trash" function leaves 2/3rds of a file recoverable.

"Fake Erase" perhaps?

The SSD problem

Vendors have struggled to make flash SSDs look like disk drives even though the underlying media are very different. Hard drives associate a physical location with each logical block address (LBA). SSDs don't.

And that's the security problem.

Our secure file deletion tools assume that the data is stored in a set physical location. If the LBA is written to, the existing data at that LBA can be presumed to have been overwritten. (Bad block replacement is the big exception to that general rule.)

But on flash-based SSDs, the firmware that makes flash look like a disk - the flash translation layer (FTL) - is constantly changing the physical address of the data. When the OS issues an overwrite, the FTL overwrites only the most recent location of the data - leaving older locations untouched.
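The remapping described above can be seen in a toy model. This is an added example, not code from the article or the UCSD paper; `ToyFTL` and its methods are hypothetical names, and the model is simplified (real FTLs manage erase blocks and decide for themselves when to garbage-collect).

```python
class ToyFTL:
    """Minimal flash translation layer: every write goes to a fresh physical page."""

    def __init__(self, num_pages):
        self.flash = [None] * num_pages   # raw physical pages (what a chip reader sees)
        self.l2p = {}                     # logical block address -> physical page
        self.stale = set()                # pages that no longer back any LBA
        self.next_free = 0                # toy model: no free-space handling

    def write(self, lba, data):
        old = self.l2p.get(lba)
        if old is not None:
            self.stale.add(old)           # old copy is unmapped, not erased
        self.flash[self.next_free] = data
        self.l2p[lba] = self.next_free
        self.next_free += 1

    def read(self, lba):
        return self.flash[self.l2p[lba]]

    def garbage_collect(self):
        """Erase stale pages; only now does the old data physically disappear."""
        for page in self.stale:
            self.flash[page] = None
        self.stale.clear()


def overwrite_file(ftl, lbas, passes=1, fill=b"\x00" * 8):
    """What an LBA-level 'secure delete' tool does: rewrite each block in place."""
    for _ in range(passes):
        for lba in lbas:
            ftl.write(lba, fill)


def remnants(ftl, needle):
    """Physical pages still holding `needle`, as seen by reading the chips directly."""
    return [i for i, page in enumerate(ftl.flash) if page is not None and needle in page]


def demo():
    ftl = ToyFTL(num_pages=16)
    secret = b"SECRET!!"                  # constructed sample data
    ftl.write(0, secret)
    overwrite_file(ftl, [0], passes=3)
    via_os = ftl.read(0)                  # the OS sees only zeros
    before_gc = remnants(ftl, secret)     # but page 0 still holds the secret
    ftl.garbage_collect()
    return via_os, before_gc, remnants(ftl, secret)
```

Three overwrite passes consume three new pages and never touch the page holding the original data; it disappears only when the firmware erases it.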

The research

This is a problem for all file systems, but according to a paper presented at FAST '11 last week, Mac OS 10.6's Secure Erase Trash command did an especially poor job.

The UC San Diego researchers, Michael Wei, Laura M. Grupp, Frederick E. Spada and Steven Swanson, ran 14 different file overwriting utilities 3 times on SSD and USB drives. They then disassembled the drives to electronically access the flash chips to see what data they could recover.

Here's the table of their results:

Oddly enough, Secure Erase Trash was much more effective on cheap USB drives than on SSDs - the reverse of most of the other overwriting techniques.

What about Windows?

Windows does not offer a command equivalent to "Secure Empty Trash" so they aren't misleading users about their data security. Apple chooses to offer "Secure Empty Trash" in the Finder menu so they need to ensure it does what they say.

The Storage Bits take

Apple consumes 50% of the world's NAND flash - and their flagship OS can't securely delete SSD data. Isn't total control of the hardware and software supposed to improve integration?

Who, exactly, is minding the store?

No doubt the Mac OS X file system team can hack the already much-hacked HFS+ to fix this problem. But how is it that no one on the engineering team caught this problem?

Surely some engineer - from Toshiba or Samsung, flash and flash controller vendors to Apple - or in the OS X group, raised the issue of security. If that didn't flag the problem, why didn't the OS team's regression testing find it?

HFS+ is long past due for retirement. It is time for Apple to get serious about how its products handle customer data. As an SSD-based Mac owner I'm more than a little peeved at the company's cavalier attitude.

Note that Apple's other major OS - iOS - wasn't tested. But who can have a warm feeling about the iOS remote delete facility now?

Comments welcome, of course. I'll have more on the UCSD paper later this week, but if you can't wait here's a link to the pdf of Reliably Erasing Data From Flash-Based Solid State Drives. Update: I added the What about Windows? paragraph above in response to the 1st comment.

About

Robin Harris has been a computer buff for over 35 years and selling and marketing data storage for over 30 years in companies large and small.

Talkback

77 comments
  • Goodbye, Meester Bond

    This article is unclear. It appears that the researchers compared an off-the-shelf commercial OS to a number of military-grade 'shredders' from various countries' defense departments, and found the commercial-grade OS wanting. Since Apple had the bad luck to be the only commercial-grade OS tested, they get the hit piece on ZDNet. Did I miss something?
    Robert Hahn
    • RE: Mac fail: SSD security

      @Robert Hahn

      Good point. I wonder how Windows 7 or Ubuntu would perform in those same tests.
      SmAcKjAcK
      • RE: Mac fail: SSD security

        @SmAcKjAcK That'll depend on file system with Ubuntu... I have no answer for Windows 7.
        snoop0x7b
      • RE: Mac fail: SSD security

        @SmAcKjAcK Maybe that should be a response article. I shall do some research to see if there is any data on that.
        WordpressGuy
      • RE: Mac fail: SSD security

        @SmAcKjAcK I strongly believe Windows 7 will have a better result.
        ripslyme00
      • RE: Mac fail: SSD security

        @SmAcKjAcK
        This was a really great read. Please keep the insight, opinions, and info coming. Thanks!
        epark732
      • RE: Mac fail: SSD security

        @SmAcKjAcK
        What about XP or Pro? Don't you think they need some recommendation?
        thomasutt1984
      • RE: Mac fail: SSD security

        @SmAcKjAcK
        Another great read. These articles and short informative pieces are always a delight to read and keep me coming back for more.
        epark732
    • RE: Mac fail: SSD security

      @Robert Hahn
      Windows 7 does not claim to perform a secure erase of any data. OS 10.6 does.

      You can go to Microsoft's TechNet and download a command line utility - SDelete - that claims to zero all free blocks (-c option) or that will overwrite free blocks any number of times (-p option). But this isn't an option that civilians are likely to even know exists.

      There are numerous 3rd party delete utilities for Windows, but Apple offers the option of a "Secure Empty Trash" that - if you have an SSD - doesn't do what it says.

      Robin
      Robin Harris
      • But SDelete was never tested on SSD this way

        @Robin Harris: and since only people who really, really want to securely erase their data go to lengths getting the "SDelete" utility, the importance of its possible failure is much more significant -- even though formally it is equal.
        DDERSSS
      • You can do multipass erase options using Disk Utility...

        You can do multipass erase options using Disk Utility, however, the problem lies in part with SSD drives themselves (hence the disparity in performance between a standard USB drive and an SSD drive.) In fact, you can apply a random write erase using military grade erase schemes, and the drive would still have recoverable data:

        http://nvsl.ucsd.edu/sanitize/
        olePigeon
      • OS X doesn't claim to perform a secure erase of SSDs

        so exactly what was your point? Oh, yeah. Double standards.
        fr_gough
      • sdelete is not part of Windows.

        @denisrs: "and since only people who really, really want to securely erase their data go to lengths getting the 'SDelete' utility, the importance of its possible failure is much more significant -- even though formally it is equal."

        If you want to test the effectiveness of sdelete feel free to do so. However any results would be indicative of that utility only. It would have no bearing on Windows.
        ye
      • His point is the Secure Delete option in OS X doesn't do what...

        @olePigeon: "You can do multipass erase options using Disk Utility, however, the problem lies in part with SSD drives themselves (hence the disparity in performance between a standard USB drive and an SSD drive.)"

        ...it is advertised to do. Thus leaving the user with a false sense of security. The reason(s) why are irrelevant.
        ye
      • RE: Mac fail: SSD security

        @Robin Harris
        All current versions of Windows claim to perform a multipass secure erase of drive free space (i.e.- after you empty the trash) from the command line. The command is
        CIPHER /W:C:\
        (replace C:\ with any folder on the drive whose free space you want multi-wiped).
        cy11q1
      • RE: Mac fail: SSD security

        @Robin Harris - great post, and article - thank you.
        HypnoToad72
      • RE: Mac fail: SSD security

        @ye: ...it is advertised to do. Thus leaving the user with a false sense of security. The reason(s) why are irrelevant.

        Valid point! Here at couple counsellor we can't afford any leaks or errors!
        BerthaCounsellor
    • Really? You Had to Choose This One?

      @Robin Harris

      Wow, the false urgency of the article, and the conspiratorial tone of the writer, make it hard for me to take seriously. Sure, Mac OS X has offered a Secure Empty Trash option for quite some time, giving it one more advantage over MS Windows.

      But the fact that such a feature no longer works on today's SSDs simply makes Macs equivalent to Windows PCs. How is that a disadvantage? Granted, the author's point is that the OS implies that such functionality is still available. But it hardly warrants the "Oh my God! They're lying to their customers!" conspiratorial tone. I would expect this of a Windows fanboy, not a seasoned tech journalist.

      There are plenty of other areas to criticize Apple on. Really? This was the one you chose? This just sounds petty.
      GlennAC
      • RE: Mac fail: SSD security

        @GlennAC That is a good place to criticize them. A false sense of security is a lot worse than knowing you're not secure...
        snoop0x7b
    • RE: Mac fail: SSD security

      @Robert Hahn The commercial grade OS's secure delete feature is comparable when you're talking about traditional media, which is why this comparison is worth making. These military grade data deletion algorithms are also publicly available...

      Part of what he's exposing is how HFS+'s filesystem driver does not handle SSDs correctly for secure deletion.
      snoop0x7b