Security flaws exposed in ‘erased’ hardware
There are “significant flaws” in commercial data erasing applications used by companies on system hard drives before system resale. These can leave data unsecured even when erasure appears to have been successful, leaving in some cases many megabytes of confidential data intact. Brian Tinham reports
This is the key finding of research conducted by eTesting Labs under contract to US asset recovery software provider Redemtech. It found flaws to varying degrees “in the majority of commercial erasure applications tested”. Tests were carried out on eight on a variety of computer types using conventional methods (Redemtech’s disk erasure software did not fail).
In some cases, data was left in large contiguous blocks at the end of drives. eTesting Labs notes: “Incomplete erasures may leave the user with a false sense of security that all hard drive data is erased when in fact, it is not.”
Warnings apply to Infraworks Sanitizer, Ontrack DataEraser, NTI Diskscrub, Norton Wipeinfo/Wipedisk, Blancco Data Erasure, East-Tec Disk Sanitizer, Wipe Clean (freeware), and IBAS Expert Eraser.
Says Bob Houghton, Redemtech president: “Many corporations have a false sense of security because they have never professionally audited their technology retirement practices. In routine audits of PCs supposedly erased by the customer, we find data 100% of the time in up to 24% of the machines we examine.”