Posted by SecExtra on May 07th, 2008

Portable media devices – from USB keys, to media cards and storage cards are now ubiquitous and convenient. But how many of us treat them with the same vigilance as our laptops? And if you think regularly deleting files from these devices will afford you some protection, think again.

Laptops are the easiest to protect. Provided you use a secure erasing tool it’s possible to remove your deleted files for good. In addition to commercial versions, such as that offered by PGP, there are also freeware versions, such as Eraser, which are readily available online. Beware anyone who tells you a defragmenter will do the job. They do not destructively delete data, but simply make it harder to recover.

Smartphones with their push email capabilities means many email attachments are now stored on the removable storage card. It’s easy to extract the storage card and examine the contents on a PC using a card reader. There are several freeware data recovery applications, though some commercial applications are better. Various forensic tools are available to recover deleted text messages, pictures etc from virtually any phone. Even resetting to factory defaults may not solve the problem.

Fortunately, smartphone O/S vendors have sought to provide a solution with Windows Mobile (WM6). This encrypts the contents of the storage card and allows you to remotely wipe it, unlike WM5 which only offers remote wipe of the device (not the card). Depending on the configuration, WM6 can also facilitate a local wipe if a threshold of incorrect PIN entries has been exceeded.

WM6 also has a rigorous lockdown procedure. If a thief attempts to reset the device in order to gain access to the hardware, the decryption keys will be lost and so will access to the data on the storage card. This is a strong security feature but it rules out a reset to factory defaults in the event of device failure, as the encryption keys will be lost.

Finally, remember that removable media cards are just as susceptible. At a recent stag weekend, the best man took a number of photos but deleted the more risqué shots. I borrowed the camera before the wedding, removed the SD card from the camera, ran a file recovery application and recovered all the shots. Most of the photos were images of the best man being spanked. Surely that’s enough to scare anyone into destroying their data?

Ken Munro can be contacted at ken.munro@securetest.com