MacOS

How to Securely Erase Removable Media Using Mac OS X

Our collective awareness is now sharply focused on issues of third party data collection, surveillance and data exfiltration. This is a welcome change and long overdue, but government, corporate, or criminal collection of data from our online activities accounts for only part of the overall threat to private or sensitive data.

Physical loss, theft or improper disposal of laptops or removable drives is the most common data breach of electronic personal health information. You need only use the breach tool at the US Department of Health and Human Services for a sobering confirmation of just how frequently these collectively occur.

Much has already been written about using file or full drive encryption to protect against surveillance, physical loss or theft. Less attention is paid to improper disposal, but dumpster diving incidents still expose thousands of individuals to personal identifying or health data disclosure (1, 2), as does resale of laptops or drives on auction sites.

Criminals are quite comfortable with and routinely use encryption to obfuscate malware. They also employ encryption in ransomware (CryptoLocker). Your encrypted data are vulnerable, too: once physical possession of a drive is obtained, time favors the criminal or attacker. If he feels the improperly disposed data are sufficiently valuable, he can try commercial or custom software to recover encrypted data.

Encryption is good, and without question raises the bar for protecting data. Secure erase raises it further. Secure erase "writes over" the actual contents of your volume, not just the "metadata" that describes them. Only degaussing or data destruction are more effective. 

Securely erasing drives before disposal makes sense and it’s easy to do using Disk Utility's Erase feature on a Mac. Back up whatever data you want to keep, and choose one of the following options.

Securely Erase MacBook Internal Drives 

If you want to securely erase the internal drive of a MacBook before you sell or trash it, you’ll have to (a) boot Disk Utility from a Mac OS X Installation DVD for versions up to and including 10.6 or (b) boot the utility from the OS X Recovery Partition. Both of these are very neatly explained at MacTip.net.

Securely Erase Removable (USB) Drives

To securely erase a removable pen/thumb drive or external drive from a MacBook, connect the drive and run Disk Utility directly from Mac OS X.

1) Choose the Erase Tab, select your formatting options, then click on Security Options...


2) Use the slide bar to choose your erase option. Below, I select the Most Secure option available:


3) Secure Erase of a 4 GB Thumb Drive takes 20-50 minutes, so you can do this as a background task. 


4) Secure Erase of a hard drive mounted in an external USB enclosure can take much longer. I typically do this overnight.


I use the USB option when I retire PC laptops, too, by removing the internal drive and mounting it in a USB drive enclosure as shown in (4). It's often not necessary to retire a laptop and everything in it at the same time. Drives may outlast a laptop’s utility, especially if an expensive component other than the drive fails or is damaged. And if the drive does fail, I suggest you either keep it or destroy it.
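
The same erase can be run from Terminal with diskutil's secureErase verb. The script below is an added example, not part of the original post: it wraps that command in a check that refuses anything diskutil does not report as an external whole disk, so a mistyped device name cannot wipe the internal drive. The function names, the sample text and the "Device Location" / "Internal" field names it parses are assumptions; check them against the output of diskutil info on your OS X version.

```shell
#!/bin/sh
# Added example (not from the original post): guarded `diskutil secureErase`.

# Constructed excerpts of `diskutil info` output, for offline checking only.
sample_external() { printf '%s\n' \
    '   Device Node:              /dev/disk2' \
    '   Whole:                    Yes' \
    '   Device Location:          External'; }
sample_internal() { printf '%s\n' \
    '   Device Node:              /dev/disk0' \
    '   Whole:                    Yes' \
    '   Device Location:          Internal'; }

# Succeeds only if the `diskutil info` text on stdin describes an external
# whole disk. Field names are assumed from recent macOS releases; older
# releases print "Internal: No" instead, which is accepted as well.
is_external_whole_disk() {
    awk -F': *' '
        { gsub(/^[ \t]+/, "", $1); gsub(/[ \t]+$/, "", $2) }
        $1 == "Whole"           && $2 == "Yes"      { whole = 1 }
        $1 == "Device Location" && $2 == "External" { ext = 1 }
        $1 == "Internal"        && $2 == "No"       { ext = 1 }
        END { exit !(whole && ext) }'
}

# diskutil levels: 0 zero-fill, 1 random-fill, 2 DoD 7-pass,
# 3 Gutmann 35-pass, 4 DoE 3-pass.
valid_level() {
    case "$1" in 0|1|2|3|4) return 0 ;; *) return 1 ;; esac
}

# secure_erase_external DEVICE [LEVEL]  (LEVEL defaults to 2)
secure_erase_external() {
    dev=$1; level=${2:-2}
    valid_level "$level" || { echo "level must be 0-4" >&2; return 2; }
    diskutil info "$dev" | is_external_whole_disk || {
        echo "refusing: $dev is not an external whole disk" >&2; return 3; }
    diskutil secureErase "$level" "$dev"
}

# Run only when a device is given, e.g.: sh erase.sh /dev/disk2 2
[ "$#" -eq 0 ] || secure_erase_external "$@"
```

Apple's diskutil manual notes that overwrite-based erasure cannot reach every block on flash media that uses wear-leveling, so on thumb drives and SSDs treat it as a complement to encryption.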

Should I Bother?

If you have drives or removable media on which you've stored personal identifying information, healthcare information, sensitive business data, confidential or classified data, whether yours or others, you should at least encrypt these data. Secure erase may seem like overkill, but all you're investing is a few minutes to configure Disk Utility. The rest is simply a matter of devoting idle CPU cycles to an effective privacy measure.


Must Read for Infosec Pros: Rich Mogull on Apple Security Strategy

You may have missed this jewel of an infosec post by Rich Mogull amid the hashtag avalanche of NSA, PRISM, or FISA articles last week. Rich's post, Apple Security Strategy: Make It Invisible, impressed me as shedding light on singularly important design objectives that all information security efforts ought to consider. The post is both a really insightful article about Apple's security design and philosophy, and a learning opportunity for security designers or practitioners generally.

Among the many insights Rich shares, these three messages in particular could form the basis for secure implementation or deployment:

  1. "Good user experience doesn't have to come at the expense of leaving users vulnerable to security risks."

    Challenge the widely asserted notion that "you can have security or usability but not both" (Yes, there are variants that add other characteristics such as performance). A recent Washington Post article asks why NSA-proof encryption is available but not widely used. The list of reasons is sadly similar to the list one might have composed in the 1990s. One of the principal inhibitors is the fear of losing the password that users create to protect private keys. Rich notes that Apple's FileVault 2 achieves both security (encryption) and usability (recoverability).
  2. "The more you impede a user’s ability to do something, the more likely that user is to circumvent security measures, so avoid this as you design."

    There may be no more obvious assertion in infosec than this, but I can't think of a single operating system I use that doesn't fail in some respect to consider this design essential. 

    However, I'd broaden this beyond circumventing a security measure to include having to temporarily override the measure when the user has more (trust) information than the device or OS. If I inventory all my device's OSs, I can quickly recall examples where I'm forced to leave an application to alter a security setting to deal with an exception condition (Android's "unknown source", for example) and then must remember to return to the more secure setting once I've dealt with the exceptional circumstance. Micro-managing Java in the Browser as Rich describes in this article is a good example of how to mitigate this threat.
  3. "Tackle a real-world security issue by trying to make that issue simply go away for the average user."

    Leveraging cloud services to help the average user manage security features across a myriad of devices (including her own) as Apple has done with iCloud Keychain is promising and infosec ought to think more in this direction.

Read Rich's article for the full effect.