Data on SanDisk Solid State Drives may be recoverable after running the BIOS Secure Erase Function or the ThinkPad Drive Erase Utility

2016-07-27T00:00:00
ID LENOVO:PS500061-NOSID
Type lenovo
Reporter Lenovo
Modified 2016-07-27T00:00:00

Description

Lenovo Security Advisory: LEN-5595

Potential Impact: Drive data may be able to be recovered after running the secure erase utility

Severity:Medium

Scope of Impact: Lenovo

Summary Description:

SanDisk’s firmware used to erase the data on these SSDs did not meet Lenovo’s specifications and it was determined that even after running the ThinkPad Drive Erase Utility for the Resetting the Cryptographic Key and the Erasing the Solid State Drive or executing the Secure Erase function in the BIOS, data on the impacted SanDisk drives may potentially be recoverable under certain conditions. For example, a hacker would need physical possession of a discarded SSD and know how to recover data from it.

To address this issue, SanDisk has provided firmware fixes that Lenovo has made available through the links below.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update the SSD firmware or your system BIOS (see table below).

PLEASE NOTE: SSDs not purchased through Lenovo are not guaranteed to work with these tools.

To determine the model of your disk drive in Microsoft Windows, go to Device Manager by entering the words “Device Manager” in Windows search and expand the arrow next to “Disk drives”.