13

What is a repeatable way of destroying SSDs? For example, if I opened it, which part could I take out and destroy for just the data (how to identify the actual "storage unit")?

Case 1. Normal user that wants to be reasonably sure that their data is not easily recovered?

Case 2. Consider that the data is sensitive and the drive is already encrypted. The requirement is that the data should be forever irrecoverable which means the encryption in itself is not enough to satisfy the requirement.

Intent: SSDs are electronic compared to their mechanical counterparts, so the answer in the question "How do I destroy a hard disk?" is not applicable because of their inherent differences. I'm all for updating the original question (making it canonical) based on this question and closing this as a duplicate afterwards.

artifex
  • 1
    Why is it not sufficient to secure erase the drive? – Michael Hampton Jun 02 '13 at 22:12
  • 1
    "which means the encryption in itself is not enough"... because? The cipher could be broken in 40 years? – Hauke Laging Jun 02 '13 at 22:13
  • 1
    @Hauke Laging, Michael Hampton - Can you ensure that the secure erase erases all data? What if the software inside the disc is interfering with that process (for example, the optimization of read/write that spreads it evenly over the entire media)? - Yes, the data should not be recoverable in 40 years (seriously). – artifex Jun 02 '13 at 22:19
  • No, I suppose you can't be sure. I have seen firmware bugs cause secure erase to only erase part of a (spinning) drive. Physical destruction seems to be the only way. – Michael Hampton Jun 02 '13 at 22:21
  • I hope the physical security of the drive **before** you decide to erase it is equivalent to the 40 years requirement... LUKS spreads the keys over nearly 4 MiB as a protection against firmware effects. And you can use two layers of encryption (different ciphers). Just in case you don't get it burnt soon enough. – Hauke Laging Jun 02 '13 at 22:29
  • @Ward Not really. There are companies that specialize in media destruction. Even my company makes use of them ;) – ewwhite Jun 02 '13 at 22:30
  • 1
    @Hauke Laging. Yes, during its usage period the data is secured physically. This is about destroying individual storage media after that period is over. Ensuring that all sources for the material are known (only archives, if they are required, exist). Individuals have the right to privacy even after 40 years. – artifex Jun 02 '13 at 22:42
  • 2
    I think it's worth mentioning that some Intel SSDs encrypt the data using AES by default. You can "secure erase" the drive, which wipes the AES key and thus should reasonably ensure that the data is not recoverable once you've written again over the entire disk. – gparent Jun 03 '13 at 00:50
  • @MichaelHampton Because the question is about SSDs. The wear leveling means that any kind of overwrite will leave unmodified data in the chips. – Scott Pack Jun 03 '13 at 01:55
  • 1
    I see you're under the impression that the techniques in the other Question do not apply to SSD - this is incorrect. They do work. The accepted answer there has everything you need to know for decommissioning SSDs. – Chris S Jun 03 '13 at 02:02
  • @ChrisS: *Some* of the methods for HDs work on SSDs, but not all. Overwriting only sort-of works (see Matt Simmons' answer), degaussing is irrelevant, sandblasting probably will just scatter the parts (and a determined adversary could reassemble them, on a new PD board if necessary), drilling will work *IF* you hit all of the storage chips... – Gordon Davisson Jun 03 '13 at 06:11
  • @Gordon I didn't say all the methods in that answer work, but people really need to be less creative. I have little patience for people who apparently have enough spare time to think all that crap up. Zero, Secure Erase, and Shredding/Pulverizing are the only three methods anyone needs for any storage device (each provides a different level of irrecoverability). – Chris S Jun 03 '13 at 12:54

6 Answers

14

So, some research has been done on this.

According to SSD researchers Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson, who presented the paper, "Reliably Erasing Data from Flash-Based Drives" (PDF warning), quote:

> ...our results lead to three conclusions:
>
> First, built-in commands are effective, but manufacturers sometimes implement them incorrectly.
>
> Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive.
>
> Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs

The reason that simply erasing a flash drive doesn't work (or encrypting it and throwing away the key) is that the flash controller implements a "Flash Translation Layer" (FTL), which abstracts the physical location of the data on the flash chips from the Logical Block Addressing (LBA) that the computer uses to refer to data locations on disk.

The primary benefit that is derived from FTL is the ability to have more space on the chips than in the LBA - in other words, you can have a flash drive with 128GB of flash chips, but thanks to the FTL, it only reports 120GB. This is done to extend the lifetime of the drive, and to aid in wear leveling. It's common for this kind of under-provisioning to happen (if you look at most of the SSD drives on the market today, you'll see their capacity as being close to, but not at, a power of two - they contain the power-of-two amount of flash chips, but underreport it to increase lifetime).

The side effect of this is that if you have a 120GB drive and overwrite it with 120GB of zeroes, there are still 8GB of flash chips that hold old data, which can be recovered through electrically extracting them independent of the FTL. So it's necessary to erase twice (usually, though as it mentions in the article, even that doesn't always work on particularly odd controllers).

So that leaves physical destruction of the flash chips as being the only way presently to guarantee data inaccessibility.

Matt Simmons
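
The over-provisioning effect described in this answer, as an added example that is not part of the original post: a toy page-level FTL in Python where each page stands in for 1 GB (128 physical, 120 logical). `ToyFTL`, `run` and the retired-page case (a bad-block remap, included as an assumption about how a controller can keep a page out of reach of overwrites) are illustrative simplifications, not any vendor's firmware.

```python
# Toy page-level FTL: real controllers erase in multi-page blocks with vendor-specific GC.
class ToyFTL:
    def __init__(self, physical_pages, logical_pages):
        self.flash = [None] * physical_pages      # raw cells, as a chip-level read sees them
        self.free = list(range(physical_pages))   # erased pages ready to program
        self.stale = []                           # superseded copies not yet erased
        self.retired = set()                      # pages taken out of service, never erased
        self.map = {}                             # LBA -> physical page
        self.logical_pages = logical_pages

    def _program(self, data):
        if not self.free:                         # garbage-collect only when forced to
            victim = self.stale.pop(0)
            self.flash[victim] = None             # the only place old data is really erased
            self.free.append(victim)
        page = self.free.pop(0)
        self.flash[page] = data
        return page

    def write(self, lba, data):
        new_page = self._program(data)
        if lba in self.map:
            self.stale.append(self.map[lba])      # old copy is unmapped, not erased
        self.map[lba] = new_page

    def retire(self, lba):
        """Hypothetical bad-block remap: copy the data elsewhere, abandon the old page."""
        old = self.map[lba]
        self.map[lba] = self._program(self.flash[old])
        self.retired.add(old)

    def overwrite_all(self, pattern):
        for lba in range(self.logical_pages):     # the host can only address LBAs
            self.write(lba, pattern)


def run(passes, retire_lba=None, physical=128, logical=120):
    """Fill with 'SECRET', overwrite every LBA `passes` times, count leftover pages."""
    ftl = ToyFTL(physical, logical)
    ftl.overwrite_all("SECRET")                   # constructed sample data
    if retire_lba is not None:
        ftl.retire(retire_lba)
    for _ in range(passes):
        ftl.overwrite_all("ZERO")
    return sum(cell == "SECRET" for cell in ftl.flash)


if __name__ == "__main__":
    print([(run(p), run(p, retire_lba=5)) for p in (1, 2, 3)])
```

In this model one full overwrite leaves 8 pages of old data outside the logical address space, a second pass clears them, and a retired page survives any number of passes.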
12

Just burn them - seriously, any old fire will do, even a barbecue.

Chopper3
  • 8
    SSDs roasting on an open fire... Jack Hacker nipping on your code... – Fiasco Labs Jun 02 '13 at 22:38
  • 1
    Note, this is illegal in the US and many countries... Many recyclers have shredding machines that will make fine powder of sensitive materials to avoid legal problems. – Chris S Jun 03 '13 at 02:03
  • 1
    I have this picture of you at a barbie, snags on one side, pile of SSDs on the other, and I almost commented "How do you make sure the toxic smoke doesn't affect your snags?" - my god it's been a long day... – Mark Henderson Jun 03 '13 at 06:18
  • @ChrisS unless the OP has tens of SSDs to destroy (which would release enough smoke to attract the neighbors, police and the firemen), burning one is effectively a perfect crime. – Dmitry Grigoryev Oct 29 '15 at 10:36
8

We have a pretty canonical answer on this on Security Stack Exchange. So much so that it led to one of our top blog posts of all time: http://security.blogoverflow.com/2012/02/qotw-18-how-can-we-destroy-data-on-a-hard-drive/

That post includes a range of actions including degaussing, destruction, manual disassembly, disintegration, incineration, pulverizing, shredding, melting, electrical scrambling and my favourite:

Wanton Destruction

In reality though, the simplest option with an SSD is to have the entire device as an encrypted volume and when you want it wiped just lose the key. At that point it is effectively random data.

Rory Alsop
  • 2
    Although I can get behind the argument that given a sufficiently strong key, the data can be considered unrecoverable if the key is actually lost, it's impossible to guarantee that all copies of the key are accounted for and destroyed (and once they're destroyed, how do you guarantee what they were stored on is cryptographically secure?) – Matt Simmons Jun 03 '13 at 00:48
  • 1
    DESTROY ALL THE DATA!! – Scott Pack Jun 03 '13 at 01:56
3

A software-only approach may not be enough in some cases, depending on your requirements. (e.g. encryption algorithm can be broken at some point in the future)

You can shred the PCB inside of the SSD quite easily, though. That assumes that you do not intend to use the drive again.

The approach that we use is to send disks off for destruction using a media disintegrator. Really... :) There's an audit trail and we provide tracking information to customers. Maybe that's overkill for your situation, but it's an option.

Would this be a single SSD or is it a member of a RAID array? I think there are some other options that are dependent on the RAID technology in use, if you need to reuse a device that's a RAID member.

ewwhite
  • For my case it's safe to say that they almost never will be part of a RAID array, at least currently. – artifex Jun 02 '13 at 22:23
  • 1
    Yeah, then send them off for proper disposal. Go with a resource that has something like [this](http://www.datadev.com/mediavisessd.html). – ewwhite Jun 02 '13 at 22:27
1

Sledgehammer. Oddly therapeutic. One good whack and it's toast.

dmourati
-1

I am sorry, but this is the fastest and the most secure way to destroy your data, either on SSD or spinning disk. http://www.youtube.com/watch?v=yd_O7-rqcHc

Fred