When you think of threats that may compromise your encrypted personal or business files, the last thing that comes to mind is the popular document editors you regularly handle your docs with. However, the working mechanisms of these applications may pose just as much of a privacy threat to your files as evil-minded cyber-crooks operating from Russia or China do.
Case in point: the auto-recovery feature in MS Office and OpenOffice. By default, the apps save copies of the docs you are working on to your computer's hard drive every 10-15 minutes so that your unsaved edits can be rescued if there is a system crash, power failure, or an application crash.
While this handy feature can save you from the hassle of having to redo hours of work, or losing critical data, it's worth getting familiar with its working mechanism from a privacy point of view.
The afterlife of your deleted auto-recovery files
If you read the support documentation on the official MS Office and OpenOffice sites, the companies claim that auto-recovery copies are deleted as soon as the file is manually saved or you quit the editor. While this sounds very reassuring, a little experiment can reveal the severe privacy threat that "deleted" auto-recovery files pose.
Let's say you have just successfully recovered a corrupted file in MS Office after an application crash. You save the file manually so, in theory, the auto-recovery file is now gone. However, if you run a file recovery application on your computer, it restores the auto-recovery file in a short while! If you could undelete the copy, unauthorized parties accessing your lost or stolen laptop can also do it, despite the original file being "securely" encrypted!
How is it possible that deleted auto-recovery files can be restored?
To properly understand this issue, we need to differentiate between default Windows deletion and secure deletion.
Secure deletion (also called wiping, erasing, shredding) refers to the process of overwriting the data contained in a file with random characters to ensure that the original data is impossible to restore. Data erasure and privacy protection software employ government-grade algorithms to overwrite the original data with complex patterns, multiple times.
On the other hand, the default Windows deletion only removes the deleted file's reference and marks the disk area occupied by the file as available for overwriting. In this case the file content is not destroyed, but stays in the free space of the disk drive you work on, waiting for new files to overwrite it.
Since Windows overwrites the files left in free space only gradually, following a pattern that does not depend on the user, an unauthorized person can restore your "deleted" auto-recovery files weeks, months, or, in extreme cases, even years after MS Office or OpenOffice "deleted" them.
In conclusion, the recovery of your deleted auto-recovery files is possible because both MS Office and OpenOffice rely on the default Windows deletion instead of performing secure deletion.
In what format can deleted auto-recovery files be restored?
The bad news is that restored auto-recovery files come back to life in plain text format even though the original files are securely encrypted. This is because when you want to work with an encrypted file in your document editor, your encryption software first needs to decrypt your file (or you need to do it manually) in order for the document editor to be able to use it. If the file were opened in your doc editor in its encrypted format, you would only see an ocean of scrambled data. So anytime the suite creates an auto-recovery copy, it is a replica of the decrypted (plain text) file you last worked on.
Let me give you an example: You are updating your encrypted Excel chart called "My Passwords" in OpenOffice when your laptop's battery dies. The next time you run OpenOffice, it asks you if you want it to recover the corrupted file (using the last copy it saved). If you click Yes, voila!, the suite presents you with a copy of your password list in plain text format. How could OpenOffice restore the encrypted file in plain text format? Simply because it saved a copy of the plain text file you were working on before the crash occurred.
Why do the suites not perform secure deletion?
The simple reason why the suites prefer the default Windows deletion is that it saves valuable time and resources for them and you. Secure deletion takes longer than the default Windows deletion does because of the meticulous overwriting process. However, when it comes to privacy and security, the extra time secure deletion requires is a price worth paying. All the more so since there is an easy workaround for the issue.
What's the solution?
There are two things you need to do in order to tackle the privacy issue posed by auto-recovery copies:
- Disable Auto-recovery and enable Backup instead in MS Office or OpenOffice, and change the default location of the backup folders to an encrypted safe. This way your backup copies are securely stored and unsaved docs can be recovered in case there is a system crash, power failure, or application failure.
- With the help of data erasure or privacy protection software, schedule an overnight wipe to get rid of the remains of deleted auto-recovery files that have accumulated on your hard drive so far. After the thorough wiping, no file recovery program will be able to restore the previously deleted auto-recovery copies from the disk.
Implementing these privacy measures will help you protect the security of your encrypted files while handling them with MS Office and OpenOffice.
About the author: Adam Csorghe works as Communications Manager at East-Tec, a privacy software company.