Here's why you should never sell used USB drives or SSDs

USB drives
(Image credit: Pixabay)

A new report from Abertay University has exposed how widespread the security risks are when selling used storage devices. The research, led by student James Conacher, found 75,000 ‘deleted’ files were easily recovered from second-hand USB drives and SSDs purchased online.

Although 98 out of the 100 purchased storage devices appeared to be empty, in reality, only 32 had been properly wiped. With publicly available tools, it was possible to extract partial files from 26 of the drives, while every file was retrieved from the remaining 42 devices. 

Among the files recovered was highly sensitive information, including bank statements, passwords and tax returns.

“An unscrupulous buyer could feasibly use recovered files to access sellers’ accounts if the passwords are still valid, or even try the passwords on the person’s other accounts given that password re-use is so widespread,” Professor Karen Renaud from Abertay University’s Division of Cybersecurity explained. 

“They would likely be able to find a seller’s e-mail address from the files we found on the drive. They could try to siphon money from the bank accounts or even blackmail a seller by threatening to reveal embarrassing information.”

Easily retrieved

While it may appear that deleting files is a straightforward process, it is actually a little bit more complicated. When most computers ‘delete’ files, what they actually do is simply remove them from the viewable index. Easily available forensic tools can then be used to recover them.

Bespoke software is available for anyone looking to permanently delete files and this is highly recommended for anyone looking to sell an old USB drive. If, on the other hand, you just want to throw the drive away, it is best to destroy it with a hammer before chucking it in the bin.

Interestingly, the Abertay research team did not find any malware across the 100 drives, suggesting that although the risk to sellers of old storage devices is high, buyers are likely to be fine.

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.