A condensed version of this article can be found here published in the SC Magazine – The CyberSecurity Source.
Delete doesn’t always mean deleted, and that could be costly
Thomas Brewster, cybersecurity correspondent at Forbes, recently tweeted a very interesting screenshot of the inventory of data taken from a law enforcement search warrant for an iPhone 6S.
Take a look at all the entries that say deleted. All this data was plainly still visible to law enforcement officers performing an investigation of the device. Specialist tools, such as the iPhone forensics kit known as GrayKey, are notoriously good at extracting deleted data. Remember, just because you can’t see it doesn’t mean that a hacker will be equally blindsided.
Most people simply assume that if a file, a message, a photo or any data has been deleted then it can’t be extracted because it simply isn’t there anymore. The likes of GrayKey, and equally efficient forensic tools for most devices and operating systems, clearly demonstrate how wrong those people are. Deleted data isn’t actually deleted, regardless of whether we are talking about your smartphone, tablet, laptop or desktop computer.
So, if it’s not deleted what does happen to your data when you hit the delete button? That’s the increasingly worrying thing in these days of privacy compliance regulation and hacker risk mitigation; it’s just made invisible to the operating system. Although the precise nature of this cloaking will vary, generally speaking the file flag is removed from the system directory. This is why you can free up space using system clean-up utilities, the space occupied by ‘deleted’ data is marked as being available again. It’s also why you can recover data using readily downloadable utilities.
Article 17 of the General Data Protection Act (GDPR), often called the right to be forgotten provides individuals with the right to have their personal data erased. There’s a 30-day time limit on complying with these requests, and the potential of heavy fines for failure so to do. Yet even with the best infrastructure insight and an audit trail of third-party data usage, the enterprise could still fall short when deleting data doesn’t mean the data has been erased.
Yes, that previously mentioned storage ‘free space’ will eventually be used again and previous data overwritten. Specialist secure erasure applications will overwrite deleted files north of 30 times to obfuscate what used to be. Some people will microwave their mobiles before disposing of them, drill holes in hard disks or hire an industrial shredding machine. None of which help much if you are not disposing of a device, quite aside from the multiple overwrites dance after every message being impractical in most real-world use case scenarios. So, what can you do to solve the deleted: not-deleted problem?
The simple answer is to not have anything to delete on your device in the first place. Which is where Pushfor enters the risk mitigation equation.
Pushfor, and the clue is in the name, pushes a view of the content to the recipient device rather than sending it. The data itself never actually leaves the source server and remains under the full control of the sender. Not only can you use the powerful analytics of Pushfor to generate a detailed audit trail of who, what, where, when, how and for how long the content is viewed, but you can also pull it back at any time. Do that and the ability to view the data has been revoked for the recipient. In the context of GDPR Article 17 compliance, the data remains on that single server under your control and can therefore be readily and securely erased at source.
Because the data is never physically stored on the device where it is being viewed, there is nothing to delete from those devices and nothing that can be uncovered, recovered and extracted by someone else.
With Pushfor, delete really does mean delete…