Secure-Erasing Mac’s Disks is No Longer Secure, Apple Says

George Herman
IT Security Expert


In the past, when you wanted to replace your hard drive with a bigger one, you’d just run a “secure erase” on it to erase all the personal data you’ve stored. In practice, this operation would write zeros to the entire disk, overwriting anything that’s already there.

Nowadays, however, this no longer does the trick. According to Apple, the modern way to securely erase a disk is to encrypt it.

The problem with putting everything in the trash is that computers don’t actually delete the files. They only pretend that the files are no longer there, marking the space they occupy as free. At some point in the future, those bits may be overwritten with new bits from a new file. Until then the old data is still on the disk, which is how recovery software works.

The so-called “secure erase” writes data over the orphaned files (from once to 35 times on the Mac) until they can no longer be recovered. However, in the manual for Apple’s Disk Utility (available to read in the Mac’s Terminal app by typing man diskutil), you can read why Apple no longer considers this approach secure:

NOTE: This kind of secure erase is no longer considered safe because modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware.

The modern solution for quickly and securely erasing your data is strong encryption, with which mere destruction of the key more or less instantly renders your data irretrievable in practical terms.

As a Mac user, you should know that an encrypted disk can’t be read without the key that unlocks it. If you delete that key, the only thing that remains is the encrypted data, which is unintelligible without it.
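The following Python sketch is an added example, not code from Apple or from the original article. It models wear-leveling with a hypothetical `WearLevelledDisk` class and uses a SHA-256 keystream as a stand-in for real disk encryption, to show why an overwrite leaves a stale copy on the physical medium while destroying the key does not.

```python
import hashlib
import secrets

SECRET = b"constructed sample: tax-return-2019.pdf contents"

class WearLevelledDisk:
    """Toy flash translation layer (hypothetical): writes never land in place."""
    def __init__(self):
        self.physical = []   # every block ever written, stale ones included
        self.mapping = {}    # logical block number -> index into self.physical

    def write(self, lba, data):
        # Wear-leveling: new data goes to a fresh block, the old one is only unmapped.
        self.physical.append(bytes(data))
        self.mapping[lba] = len(self.physical) - 1

    def read(self, lba):
        return self.physical[self.mapping[lba]]

    def raw_dump(self):
        # What a chip-level read sees: all physical blocks, mapped or not.
        return b"".join(self.physical)

def keystream_xor(key, lba, data):
    """XOR with a SHA-256 counter keystream (stand-in cipher, stdlib only)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block_id = lba.to_bytes(8, "big") + counter.to_bytes(8, "big")
        stream += hashlib.sha256(key + block_id).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def overwrite_erase():
    """Zero the logical block, then inspect the physical medium."""
    disk = WearLevelledDisk()
    disk.write(0, SECRET)
    disk.write(0, bytes(len(SECRET)))          # the "secure erase" pass
    reads_as_zero = disk.read(0) == bytes(len(SECRET))
    return reads_as_zero, SECRET in disk.raw_dump()

def crypto_erase():
    """Store only ciphertext, discard the key, then inspect the physical medium."""
    disk = WearLevelledDisk()
    key = secrets.token_bytes(32)
    disk.write(0, keystream_xor(key, 0, SECRET))
    readable_with_key = keystream_xor(key, 0, disk.read(0)) == SECRET
    del key                                    # models destroying the key
    return readable_with_key, SECRET in disk.raw_dump()
```

`overwrite_erase()` reports that the logical block reads back as zeros while the plaintext is still present in the raw dump; `crypto_erase()` reports that the raw dump never contained the plaintext at all.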

Because the storage of your iPhone and iPad is encrypted by default, you can use Erase All Content and Settings (under General > Reset in the Settings app) to wipe your iOS device immediately. This means that you can keep using your iPhone until the moment you hand it over, and then erase it.

On the Mac, however, you must enable FileVault to get full-disk encryption. If you set up a new Mac since OS X Yosemite, you most probably already did that.

In Yosemite, Apple checks the box to enable FileVault during the setup process. If you don’t want to use FileVault, you must opt out. Between that and the T2 security chip, the Mac is almost as impenetrable to a hands-on attack as the iPhone and iPad. So don’t bother to secure-erase your Mac’s disk. Instead, just encrypt it from the beginning.
