Art students – or at least those at the University of Northern Iowa – are the most likely to know how to permanently delete data from USB drives, while business or humanities students don't even try.
That's one amusing conclusion of a serious study, led by the US university's Sarah Diesburg, into how people treat the security of their flash stick data.
We've known for years that folks in general just don't know how to securely delete data from USB drives, and this fresh research confirmed it: too many people, Diesburg found, think dragging a file into the trash can destroys it, and too few try a full format of a drive.
A full format writes zeros over the filesystem structure and the data it holds, therefore completely obliterating it. A quick format just wipes the structure, leaving the information behind to be pieced back together. A delete usually just removes records about the document from the filesystem structure, leaving its contents behind.
Obviously, you want at least full format, but users don't know that, Diesburg writes. Even better, you should do a full format, then fill up the drive fully with random data, then format it again. Or ... just use a hammer because the wear-leveling algorithms in the flash chips will probably mess up attempts to overwrite data.
Another alternative is encrypting the entire filesystem and then destroying the key, rendering the scrambled data useless to anyone if the cryptography is strong enough.
For this study, destruction of the gadgets was off the table, leaving just software solutions. According to a paper submitted to Arxiv by Diesburg and her collaborators, up to 60 per cent of the drives they checked had recoverable data on them. The test was run across two groups of devices: one set was bought secondhand from eBay and Amazon Marketplace (described as "market drives" in the study), while the others were obtained directly from users by offering to swap old drives for new ("buyback" in the study).
(That data is recoverable isn't a new finding, since a 2011 study, also cited in the new paper, looked at the ineffectiveness of the Windows or OS X trash can.)
In this latest study, only 10.3 to 13.5 per cent of users tried to perform a full format on the drives later obtained by the researchers, while one-third of the drives' files were completely intact – there was no attempt to delete any data.
One of the buyback drives a student gave to the researchers contained private keys for Bitcoin and Litecoin. (That user was clearly confused about what you do to delete data: "I just transferred my flash drive data onto my personal computer.")
Here are the results, categorized by field of study:
- Humanities – undeleted data was present on nearly half the drives, and only 10.8 per cent had undergone a full format.
- Arts – nobody left undeleted data on the drives, 44.4 per cent had run a "quick" format, and 33.3 per cent had run a full format.
- Science / Engineering – undeleted data found on 31.7 per cent of drives, and only 10 per cent had undergone a full format.
- Business – nearly as bad as humanities students, with undeleted data on 43.8 per cent of drives, but pretty good on the full format option at 18.8 per cent.
To be fair, business students were the least likely to have sensitive data on the drives in the first place (43.8 per cent), but arts (55.5 per cent) still beat science/engineering (61.7 per cent) and humanities (64.9 per cent).
The researchers say that since people have such a poor understanding of how hard it is to securely delete data from USB drives, operating system developers ought to consider some user interface changes, or to make strong deletion the default.
Even better, they note, would be if USB storage devices were encrypted by default. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks