
A Garbage Can for Hard Drives

New magnetized units to wipe away the data in seconds

Imagine dropping a hard drive into a trash can, and within a few seconds, being certain that the sensitive data it contained will be gone forever.

That's the promise of a new technology currently in development at L-3 Communications Corp., an IT services and security systems maker which has been researching the technology for more than a year. The new product, which researchers are calling a "data trash can," is about four to six months away from becoming a commercial product, according to engineers working on the project.

L-3's commercial technology, which might eventually be licensed and sold by another vendor, is an outgrowth of recently published research by L-3 and the Georgia Institute of Technology on fast, comprehensive hard drive erasure. (See Researchers Find Technique to Quickly Erase Hard Drives.) Working on a method to help military agencies quickly destroy data in a combat zone, the Georgia Tech researchers have developed super-powerful permanent magnets that can penetrate hard-disk enclosures to quickly erase the data inside.

"It is basically a data trash can capable of erasing high coercivity media, even inside heavy gauge steel," says Michael Knotts, who leads the project for Georgia Tech. "The data on any magnetic media you throw into the device is rendered toast. It is completely unrecoverable, even given unlimited time and access to state-of-the-art forensic equipment."

In its current military form, the trash can is over 125 pounds and is designed to destroy data on large, combat-hardened hard drives in steel-protected caddies. But a smaller, lighter product that could be used on PCs and server drives, tapes, and other storage media is already in the works and could be ready before the end of the year, according to Jim Turner, senior staff engineer at L-3's ComCept division in Rockwall, Texas.

"It's definitely doable in a commercial form factor that would be competitive in price with other products that have been made for the same task -- in fact, it might be even a little less expensive," Turner says.

While the vendor isn't discussing exact pricing, comparable units run in the low five figures.

The problem of PC and server drive disposal has been a thorny one for years, giving rise to a whole range of technologies and services for overwriting, erasing, or physically destroying retired hard drives. However, specialists in computer forensics have often proven that, given enough time and technology, the data on the drives is often recoverable because it isn't sufficiently wiped out. In 2003, a group of MIT graduate students bought 158 hard disks on the used market; they were able to extricate data from all but 12 of them.

"That figure would probably be only about twice that today," says Adam Braunstein, senior research analyst at the Robert Frances Group. "Most enterprises still aren't doing enough to secure the data on retired drives. In fact, a lot of enterprises don't do anything -- they simply lock up their retired machines in storage when they're through with them, because they don't trust that the data will be safe if they send it out to be disposed of."

Enterprises today have two choices when it comes to disposing of old hard drives: do it themselves or get a third party to do it. As hard drives get larger, Braunstein observes, disk overwrites become increasingly time consuming. But third-party disposal services can also be very expensive, and there is often no way to positively ensure that the drives have truly been wiped clean and destroyed.

"Before you engage a third party to do your overwriting and disposal, you need to check them out very carefully," Braunstein explains.

But with the data trash can, an enterprise could potentially wipe their hard drives and other storage media clean before sending them out to be recycled, Turner observes. "I could even imagine a company coming around in a truck with a data trash can, and wiping out data the way some disposal companies shred your documents for you."

Technologies such as the data trash can are becoming increasingly important for many enterprises, not just because of the time and cost of hard drive erasure but because new regulatory requirements mandate the safe erasure and disposal of old storage media. "It's a part of the audit," Braunstein notes.

The data trash can could solve the problem by providing a low-cost, on-site disposal mechanism that is even more effective than a paper shredder. "Once it's been through the data trash can, it's garbage," says Turner. "At that point, data recovery is no longer possible."

— Tim Wilson, Site Editor, Dark Reading

  • L-3 Communications Corp. ComCept Division
  • Robert Frances Group

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
