The Hidden Risk in "New" USB Flash Drives
In May 2025, researchers published a study titled "In Search of Lost Data: A Study of Flash Sanitization Practices". The team analysed 614 USB flash drives purchased from the budget-friendly Chinese market and marketed as brand-new. Over 12% still contained non-trivial user data, including personal or potentially sensitive files.
What Went Wrong? The Chip-Reuse Problem
The crux of the issue lies in reusing flash memory chips without proper sanitisation. Unlike hard disks, flash chips employ wear-leveling and other internal mechanisms that complicate wiping procedures. Sanitisation failures appeared arbitrary, regardless of brand or retail channel, making it nearly impossible for consumers to avoid contaminated devices without specialised equipment.
Why It Matters: Real-World Implications
This isn't just an academic curiosity. Receiving a "new" USB drive that unknowingly harbours spreadsheets, photos, or confidential documents from a stranger poses real privacy risks. Forensic investigators could also be misled by stray files that suggest false connections.
How Did Researchers Detect the Residual Data?
The team employed forensic-grade tools to scan the USB drives at the chip level, accessing raw NAND contents to piece together fragments of files and metadata. With forensic analysis, the residual data proved significant — not just random bits, but entire documents, images, and logs belonging to real users.
What You Can Do: Smart Practices for USB Use
For highly sensitive use, consider Ntera's physical data destruction system: low cost, low emissions, 100% recycled, and zero chance of malicious or accidental data recovery by a third party.