Volume 22 No. 4 March/April 2007
Safe Computing: Erase Data from Devices Before You Sell or Recycle
Monique Yeaton
Most of us are aware of the security risks associated with using computers and mobile devices. If you misplace your laptop or cell phone, or leave it out in the open, your data could fall into the hands of unscrupulous individuals. Many users take precautions, encrypting sensitive data and getting STOP tags for theft deterrence. Surprisingly, though, few people realize that there are similar risks associated with recycling or selling computerized electronics.
Mobile Devices
When you’re ready to buy a new mobile device, such as a Treo or regular cell phone, often the one you are replacing is just a few years old. There are plenty of people who will happily buy a used phone or PDA – and it’s a good way to keep them out of landfills.
A recent study by the security firm Trust Digital shows that data from previous owners can be easily retrieved from used phones acquired through sites such as eBay. Resetting a phone, a popular practice among sellers, appears to erase data. But this data can be resurrected using specialized yet inexpensive software found on the Internet.
According to Trust Digital, “Because phone and PDA data is stored in flash memory, it’s retained even if the device’s battery is drained or removed. To delete flash memory data, users have to do a ‘hard reset,’ which returns the hardware to original factory condition. Each phone and PDA maker has a different hard reset procedure; some can only be done by a technician or after contacting the phone service’s help desk.”
In other words, deleting information using the “clear” option in the interface is not a secure method for erasing data. Instead, use one of the following options to erase data from your phone or PDA for good.
- Follow the instructions for erasing data in the manual or on the manufacturer’s web site.
- Go to the Wireless Recycling site. It provides a “Cell Phone Data Eraser” with instructions for most models of cell phones and PDAs.
- If you are donating your device to a charitable organization, ask if they will change out the software. This will erase any trace of ownership and remove the phone book and other private information.
- If applicable, remove your device’s Subscriber Identity Module (SIM) card. This portable memory chip, used in some models, holds your personal identity information and may contain phone book information and text messages.
- When in doubt about whether sensitive information is retained on your device, you may want to consider the alternative of physically destroying it.
Computers
Recycling or reselling an old computer also poses risks and is more complicated than you might think. Because disposal involves planning, time, and money, old computers often end up in closets, attics, and warehouses gathering dust. According to the International Association of Electronics Recyclers, “About 100 million pieces of computer equipment a year are being added to the massive heap of what’s called ‘e-waste.’ By 2010 that heap will contain one billion units of computer equipment.”
Whether you plan to recycle or sell an old computer, be sure to delete the data on it as your first step in decommissioning it. If you put this off, you may not be able to find the plug or get the computer to boot later, but someone else may still find a way to access the data on it.
Deleted data can often be retrieved. Tossing files into the computer’s trash bin and then emptying the trash deletes the record of the file, but not the data the file points to. Think of it as removing the labels from folders in a file cabinet: the folders and information in them still exist, even if retrieving the data now takes more time and effort.
The same is true if you reformat a hard drive: it is still possible for someone with the right tools to retrieve data on the drive.
If you plan to sell or recycle a computer, IS&T recommends that you take these steps.
- Make sure the hard drive is completely erased (“wiped”). You can either do this yourself or pay someone to do it for you. The potential liability if sensitive data gets out easily justifies the cost.
- If wiping the drive yourself, use a utility tool that overwrites every sector of the hard drive with binary 1s and 0s. Tools that meet government security standards overwrite each sector multiple times for added protection. Windows and Linux users can download Darick’s Boot and Nuke (DBAN), which is free. Other products for Windows include cyberCide, KillDisk, WipeDrive, and DataEraser. They are all fairly inexpensive. For Macintoshes with Mac OS X 10.4 installed, you can use Disk Utility’s secure erase options.
- Use a service, such as GreenDisk’s Computer and Component Recycling, to securely dispose of old computers.
- Don’t forget that other storage devices such as USB flash drives and iPods can also contain private information. Before selling or recycling, these also should be erased using the manufacturer’s recommendations.
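The difference between deleting, reformatting, and wiping described above can be seen in a toy model. The following Python sketch is an added example, not part of the original article or any of the named tools; the ToyDisk class, its file table, and the sample marker are constructed for illustration. It checks the raw sectors after each operation, which is the same check to run on a real drive image after wiping.

```python
# Added illustration: a toy "disk" of fixed-size sectors plus a file table (all names constructed).
import os

SECTOR = 512

class ToyDisk:
    def __init__(self, sectors=64):
        self.raw = bytearray(sectors * SECTOR)   # the platter / flash contents
        self.table = {}                          # filename -> (first sector, byte length)
        self.next_free = 0

    def write_file(self, name, data):
        start = self.next_free
        self.raw[start * SECTOR:start * SECTOR + len(data)] = data
        self.table[name] = (start, len(data))
        self.next_free += -(-len(data) // SECTOR)  # round up to whole sectors

    def delete_file(self, name):
        # Emptying the trash: only the label is removed, the sectors are untouched.
        del self.table[name]

    def quick_format(self):
        # Reformatting: a fresh, empty file table over the same old sectors.
        self.table = {}
        self.next_free = 0

    def wipe(self, passes=3):
        # Overwrite every sector: random passes, then a final all-zero pass.
        for _ in range(passes - 1):
            self.raw[:] = os.urandom(len(self.raw))
        self.raw[:] = bytes(len(self.raw))

    def residual_sectors(self, marker):
        # Verification step: scan the raw sectors, ignoring the file table.
        return [i for i in range(len(self.raw) // SECTOR)
                if marker in self.raw[i * SECTOR:(i + 1) * SECTOR]]

def demo():
    disk = ToyDisk()
    marker = b"ACCT-0000-CONSTRUCTED"            # constructed sample "sensitive" data
    disk.write_file("notes.txt", b"hello")
    disk.write_file("taxes.txt", b"SSN on file: " + marker)
    disk.delete_file("taxes.txt")
    after_delete = disk.residual_sectors(marker)
    disk.quick_format()
    after_format = disk.residual_sectors(marker)
    disk.wipe()
    after_wipe = disk.residual_sectors(marker)
    return after_delete, after_format, after_wipe
```

Calling demo() returns the sectors that still hold the marker after each step: the data survives both the delete and the reformat, and only the overwrite leaves nothing to find.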
If the data on a computer is classified or highly sensitive, you can take extra measures to make sure the data is unrecoverable – beyond the reach of any decryption tool. For instance, you can take a hammer to the disk platter. Alternatively, there are businesses that will put the disk platter through a shredder, physically altering it, or degauss it, which alters the magnetic storage media. For more about data destruction, see the eWEEK article “E-cyclers Embrace Data Destruction.”