
How to Securely Erase Removable Media Using Mac OS X

Our collective awareness is now sharply focused on issues of third party data collection, surveillance and data exfiltration. This is a welcome change and long overdue, but government, corporate, or criminal collection of data from our online activities accounts for only part of the overall threat to private or sensitive data.

Physical loss, theft or improper disposal of laptops or removable drives is the most common data breach of electronic personal health information. You need only use the breach tool at the US Department of Health and Human Services for a sobering confirmation of just how frequently these collectively occur.

Much has already been written about using file or full drive encryption to protect against surveillance, physical loss or theft. Less attention is paid to improper disposal, but dumpster diving incidents still expose thousands of individuals to personal identifying or health data disclosure (1, 2), as does the resale of laptops or drives on auction sites.

Criminals are quite comfortable with and routinely use encryption to obfuscate malware. They also employ encryption in ransomware (CryptoLocker). Your encrypted data are vulnerable, too: once physical possession of a drive is obtained, time favors the criminal or attacker. If he feels the improperly disposed data are sufficiently valuable, he can try commercial or custom software to recover encrypted data.

Encryption is good, and without question raises the bar for protecting data. Secure erase raises it further. Secure erase "writes over" the actual contents of your volume, not just the "metadata" that describes them. Only degaussing or data destruction are more effective. 

Securely erasing drives before disposal makes sense and it’s easy to do using Disk Utility's Erase feature on a Mac. Back up whatever data you want to keep, and choose one of the following options.

Securely Erase MacBook Internal Drives 

If you want to securely erase the internal drive of a MacBook before you sell or trash it, you’ll have to (a) boot Disk Utility from a Mac OS X Installation DVD for versions up to and including 10.6 or (b) boot the utility from the OS X Recovery Partition. Both of these are very neatly explained at MacTip.net.

Securely Erase Removable (USB) Drives

To securely erase a removable pen/thumb drive or external drive from a MacBook, connect the drive and run Disk Utility directly from Mac OS X.

1) Choose the Erase Tab, select your formatting options, then click on Security Options...


2) Use the slide bar to choose your erase option. Below, I select the Most Secure option available:


3) Secure Erase of a 4 GB Thumb Drive takes 20-50 minutes, so you can do this as a background task. 


4) Secure Erase of a hard drive mounted in an external USB enclosure can take much longer. I typically do this overnight.


I use the USB option when I retire PC laptops, too, by removing the internal drive and mounting it in a USB drive enclosure as shown in (4). It's often not necessary to retire a laptop and everything in it at the same time. Drives may outlast a laptop’s utility, especially if an expensive component other than the drive fails or is damaged. And if the drive does fail, I suggest you either keep it or destroy it.
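The same USB erase can be run from Terminal with `diskutil secureErase`. The script below is an added example, not part of the original post: it refuses any target that is not a whole disk attached over USB before erasing. The sample `diskutil info` text is constructed, the exact field names are an assumption that may vary between OS X versions, and the default level of 2 is this example's choice rather than a statement of what the "Most Secure" slider position uses.

```shell
#!/bin/sh
# Added example: guarded command-line form of Disk Utility's Erase > Security Options.
# Usage on the Mac: sudo sh secure-erase.sh /dev/disk2 [level]
# Levels (diskutil secureErase): 0 zero-fill, 1 random-fill, 2 7-pass,
# 3 35-pass, 4 3-pass.

# Constructed sample of `diskutil info` text (not captured from a real drive).
# Assumption: your OS X version prints "Whole:" and "Protocol:" fields like this.
SAMPLE_INFO='   Device Identifier:        disk2
   Device Node:              /dev/disk2
   Whole:                    Yes
   Protocol:                 USB'

# Print the value of one "Key: value" field from diskutil info text on stdin.
info_field() {
    awk -F': *' -v key="$1" '
        { k = $1; sub(/^ +/, "", k) }
        k == key { v = $2; sub(/ +$/, "", v); print v; exit }'
}

# Return 0 only if $1 is a whole-disk node other than disk0 and the info text
# in $2 describes a whole disk attached over USB.
check_target() {
    case "$1" in
        /dev/disk0*) echo "refusing $1: disk0 is usually the internal drive" >&2; return 1 ;;
        /dev/disk[0-9] | /dev/disk[0-9][0-9]) ;;
        *) echo "refusing $1: expected a whole-disk node like /dev/disk2" >&2; return 1 ;;
    esac
    [ "$(printf '%s\n' "$2" | info_field Whole)" = "Yes" ] ||
        { echo "refusing $1: not reported as a whole disk" >&2; return 1; }
    [ "$(printf '%s\n' "$2" | info_field Protocol)" = "USB" ] ||
        { echo "refusing $1: not attached over USB" >&2; return 1; }
}

# Validate, ask the operator to retype the device node, then erase.
secure_erase() {
    dev=$1; level=${2:-2}
    case "$level" in [0-4]) ;; *) echo "level must be 0-4" >&2; return 2 ;; esac
    info=$(diskutil info "$dev") || return 1
    check_target "$dev" "$info" || return 1
    printf 'Retype the device node to erase ALL data on %s: ' "$dev"
    read -r answer
    [ "$answer" = "$dev" ] || { echo "aborted" >&2; return 1; }
    diskutil secureErase "$level" "$dev"
}

if [ $# -gt 0 ]; then secure_erase "$@"; fi
```

Run `diskutil list` first to find the device node of the drive you connected.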

Should I Bother?

If you have drives or removable media on which you've stored personal identifying information, healthcare information, sensitive business data, confidential or classified data, whether yours or others, you should at least encrypt these data. Secure erase may seem like overkill, but all you're investing is a few minutes to configure Disk Utility. The rest is simply a matter of devoting idle CPU cycles to an effective privacy measure.
