
The proper way to secure erase an SSD is to issue the SECURITY ERASE UNIT command. Then the SSD controller should send a BLOCK ERASE command to all physical blocks.

One caveat: the SSD has to be connected directly to the SATA interface. Don't use a SATA-to-USB adapter!

Since we cannot plug a USB pen drive into a SATA port, what is the proper way to secure erase a USB pen drive and restore its factory default state?

This will not do the trick:

```
$ sudo hdparm --security-set-pass PASS /dev/sdb
$ sudo hdparm --security-erase PASS /dev/sdb
```

Before marking this question as a duplicate: most duplicates are closed and suggest to dd everything several times, but that won't restore the factory default state.

  • so, you've seen this, then? https://security.stackexchange.com/questions/62253/what-is-the-difference-between-ata-secure-erase-and-security-erase-how-can-i-en – schroeder Sep 18 '18 at 19:38
  • and things like this: https://skrilnetz.net/the-truth-about-how-to-securely-erase-a-solid-state-drive-ssd/ (can't do it on USB) – schroeder Sep 18 '18 at 19:39
  • An SSD should execute the SECURITY ERASE UNIT command by sending a BLOCK ERASE command to all physical blocks. Then the factory default state should be restored. [Unfortunately not all SSDs execute this command properly](http://cseweb.ucsd.edu/~swanson/papers/Fast2011SecErase.pdf). But the SECURITY ERASE UNIT command is part of the ACS (ATA Command Set) and I think this command cannot be issued against a USB pen drive. –  Sep 18 '18 at 19:43
  • +1 for an interesting question. You probably know more about this than I do, but it seems like you're making a lot of assumptions that all SSD manufacturers implement the secure erase interfaces (and implement it properly). Given that USB sticks are a race-to-the-bottom industry, even if there is a standard, I wouldn't bet my data that every vendor implements it, or implements it properly. On the surface this seems like a case where the only correct answer is _"Check the owner's manual of your device"_. – Mike Ounsworth Sep 18 '18 at 19:47
  • Also, would you consider a USB stick to be "in the factory state" if it executes a RESET command, but skips bad blocks where the NAND gates are beginning to fail? My understanding is that cheap USB sticks are prone to getting bad blocks, and I assume it's possible for them to fail in a mode where data is still recoverable. – Mike Ounsworth Sep 18 '18 at 19:53
  • @MikeOunsworth I would actually not be surprised if most USB flash drives did not even support sector remapping. After all, they're so simple they are limited to dynamic wear leveling. – forest Sep 19 '18 at 05:52

1 Answer

Unfortunately, there is no standard way to do this. USB flash drives are not the same as SATA drives and they do not follow the same specifications. There is no way to initiate the ATA Secure Erase because such a function is not even part of its firmware. Additionally, because of the way the firmware operates (dynamic wear leveling and overprovisioning), you cannot actually wipe everything on the device just by writing to the block device, as is explained in more detail in this answer.

The most effective way to wipe a USB flash drive is to only write encrypted content to it and forget or destroy the key. If that is not an option, then physical destruction is a requirement. No software is able to securely erase the data on an average USB flash drive with sufficient effectiveness.

Glorfindel
forest
  • Most of the time, it isn't about secret data. People just want to re-use their UFD. For example: resetting your UFD every now and then for peace-of-mind. (Wipe any possible infection.) –  Sep 20 '18 at 16:04
  • @FPU Is the worry that there is malware on the device? If that's the case, just format it once. – forest Sep 21 '18 at 01:23
  • [Stuxnet](https://en.wikipedia.org/wiki/Stuxnet) has shown that a really persistent infection can survive a format. Apparently, nasty malware is able to hide inside the HPA (Host Protected Area) or is able to alter the DCO (Device Configuration Overlay) or maybe even something else we don't know yet. IIRC, a secure erase should get rid of everything and restore the factory default state. –  Sep 23 '18 at 13:40
  • @FPU Malware may be able to hide data in the HPA, but won't be able to actually use that data. Not to mention, secure erasure does not alter DCO anyway. What _can_ be done by malware is modify the firmware of the drive, but that is pretty advanced and cannot be avoided without special hardware for analysis. – forest Sep 24 '18 at 02:32
  • Thanks. Right now, I think plain old optical discs (CD-R or DVD+R) are still safer than UFDs for use-cases where security/data-integrity is crucial. No firmware, no DCO, just bytes on a disc. –  Oct 11 '18 at 19:39
  • @FPU That depends on the drive. Some drives may allow updating firmware from hidden areas on optical discs in the same way they add revocation keys for DRM. – forest Oct 14 '18 at 02:52
  • What about read-only disc drives? –  Oct 22 '18 at 16:44
  • @FPU In theory, a read-only disc could still be malicious, if I understand what you're asking. – forest Oct 24 '18 at 02:41
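
Whether the two `hdparm` commands from the question can work on a given device can be checked before trying them. The shell function below is an added example, not code from the question or the answer: it combines the transport reported by `lsblk` with the `Security:` section of `hdparm -I`. The function name, the verdict words and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Decides whether ATA SECURITY ERASE UNIT is worth attempting.
#   $1  transport, as printed by `lsblk -dno TRAN /dev/sdX` (sata, usb, ...)
#   $2  the text printed by `hdparm -I /dev/sdX`
# Prints one verdict word (names chosen here): ok | usb | unsupported | frozen
erase_verdict() {
    # The question's caveat: nothing on the USB bus qualifies,
    # whether it is a pen drive or an SSD behind a SATA-to-USB adapter.
    if [ "$1" = "usb" ]; then
        echo usb
        return 0
    fi
    printf '%s\n' "$2" | awk '
        /^Security:/       { insec = 1; next }  # section header at column 0
        insec && /^[^ \t]/ { insec = 0 }        # next column-0 header ends it
        !insec             { next }
        # hdparm prints each flag as "<tab><tab>flag" or "<tab>not<tab>flag"
        NF == 1 && $1 == "supported" { supported = 1 }
        NF == 1 && $1 == "frozen"    { frozen = 1 }
        END {
            if (!supported)  print "unsupported"  # no ATA security feature set
            else if (frozen) print "frozen"       # erase refused until power cycle
            else             print "ok"
        }'
}

# Constructed sample: Security section of a SATA SSD.
# $1 = "not" gives "not frozen"; an empty $1 gives "frozen".
sample_sata() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}

# Constructed sample: output that contains no Security section at all.
sample_no_security() {
    printf '/dev/sdb:\n'
}

# Stand-alone use (hdparm -I needs root): sh check.sh /dev/sdX
if [ -n "${1:-}" ]; then
    erase_verdict "$(lsblk -dno TRAN "$1")" "$(hdparm -I "$1" 2>/dev/null)"
fi
```

Any verdict other than `ok` means the `--security-erase` call will not produce the erase the question is after, which leaves the options given in the answer: encrypted-only content with a destroyed key, or physical destruction.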