Exposing data remanence in sanitized NOR flash: characterization and countermeasures

Abstract

The rapid advancement of digital technology has led to the frequent decommissioning of electronic devices, many of which retain sensitive data in their non-volatile memory. NOR flash memory, widely used as a non-volatile storage medium in Internet of Things (IoT) devices, often stores proprietary firmware as well as sensitive user data collected by these systems. Although standard sanitization procedures are typically applied before disposing of such devices, residual data may persist in the storage medium, posing a significant risk of data leakage. In this work, we present a novel investigation into data remanence and recovery techniques in sanitized NOR flash memory chips. Our findings show that data can be partially or fully recovered from NOR flash arrays that have undergone an all-zero sanitization process. Given the widespread adoption of NOR flash in IoT devices, these results raise serious concerns regarding sensitive data leakage and the security of firmware updates in such systems.