Hi all,

I came across a problem which seems to remain unresolved but is not taken seriously by many liberation tech coders. Maybe this has been discussed already some years ago, but I think it might be good to rediscuss it anyway, since flash memory use is growing rapidly.

Flash memory is using a technique called wear leveling [1], which uses all physical blocks of the SD card equally to prolong its lifetime. A side effect of this smart approach is that it becomes nearly impossible for wiping applications to overwrite all blocks that were used by one file, since they are distributed almost randomly across the memory card and the controller between the physical and logical level would not allow an application to access the physical layer directly. If it is okay to delete the whole card or whatever incarnation of flash you have there, the scene is a bit different, as the wear leveling logic will write data on all blocks, albeit not in any order you can trace.

There are many applications around that claim to securely wipe flash. I only pick this one because I like the Guardian Project and take anything happening there seriously: the app Data Wipe (“Poison Pill”) [2]. On http://lab.safermobile.org/wiki/InTheClear it says:

"Data Wipe

While Emergency SMS is designed to send alert messages to your contacts, Data Wipe helps protect you and your personal network by removing sensitive information from your device just as easily. A mobile device is often the first personal article confiscated by authorities, and it only takes a browse through your list of contacts to discover your social network. This puts others in your social networks at immediate risk as well. While some mobile devices provide easy ways to erase or hide address books, performing this action manually can take time that is often not available. Data Wipe lets you pre-configure a specific set of rules to erase or overwrite your personal data at a moment's notice."

This is not possible: to overwrite specific blocks of flash memory. The controller doesn't allow direct access.

Here you find one of the Android version's lines of code that "wipe": https://github.com/guardianproject/InTheClear/blob/master/projects/android/src/org/safermobile/intheclear/data/PIMWiper.java

I see the point of this app and it might be really helpful vis-a-vis non-trained attacks. But once the phone is in a forensic lab, one can bypass the flash controller and access the physical layer directly, retrieving all the data that was "wiped" with this app. See "Data Remanence in Semiconductor Devices" for a longer discussion by Peter Gutmann: http://www.cypherpunks.to/~peter/usenix01.pdf

If I am right, then the only real solution is to save sensitive data on e.g. smartphones in an encrypted container from the start. But how can you make sure that some dumb app doesn't write it into a tmp directory while you are working on it? Only by full disk encryption, I guess; then it doesn't matter.

-oli

[1] https://en.wikipedia.org/wiki/Wear_leveling
[2] https://guardianproject.info/apps/
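
The following is an added example, not part of the original post and not code from InTheClear: a toy model of a wear-leveling flash controller that shows why overwriting a file through the logical interface leaves the old copy in the physical cells. The class `ToyFlash`, the page counts, the per-page erase and the garbage-collection policy are simplifying assumptions; real controllers erase in larger blocks and differ in policy.

```python
"""Toy flash translation layer (FTL); a constructed model, not a real controller."""
SECRET = b"contact: +00 000 0000"   # constructed sample data
ZEROS = b"\x00" * len(SECRET)

class ToyFlash:
    def __init__(self, physical_pages=16, logical_pages=12):
        self.phys = [None] * physical_pages   # raw cells; None means erased
        self.wear = [0] * physical_pages      # program count per physical page
        self.stale = set()                    # superseded but not yet erased
        self.l2p = {}                         # logical page -> physical page
        self.logical_pages = logical_pages    # fewer than physical: spare area

    def _allocate(self):
        free = [i for i, d in enumerate(self.phys) if d is None]
        if not free:                          # garbage-collect only when full
            for i in self.stale:
                self.phys[i] = None
            free, self.stale = sorted(self.stale), set()
        return min(free, key=lambda i: self.wear[i])   # wear leveling

    def write(self, lpn, data):
        new = self._allocate()                # every write lands on a fresh page
        self.phys[new] = data
        self.wear[new] += 1
        if lpn in self.l2p:
            self.stale.add(self.l2p[lpn])     # old copy is unmapped, not erased
        self.l2p[lpn] = new

    def read(self, lpn):                      # what an app or wipe tool sees
        return self.phys[self.l2p[lpn]]

    def raw_dump(self):                       # what a chip-level read sees
        return [d for d in self.phys if d is not None]

def overwrite_wipe(flash, lpn, passes=3):     # "secure delete" of one file
    for _ in range(passes):
        flash.write(lpn, ZEROS)

def fill_device(flash, pattern=b"\xff"):      # overwrite the whole logical card
    for lpn in range(flash.logical_pages):
        flash.write(lpn, pattern)

if __name__ == "__main__":
    f = ToyFlash()
    f.write(5, SECRET)
    overwrite_wipe(f, 5)
    print("logical read is zeros:", f.read(5) == ZEROS)
    print("raw cells still hold secret:", SECRET in f.raw_dump())
    fill_device(f)
    print("secret left after one full fill:", SECRET in f.raw_dump())
```

In this model the stale copy survives even one full fill of the logical space because of the spare pages; it is erased only once the controller runs out of free pages and garbage-collects.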
