Amazon Echo Dots store tons of data, even after a reset


Like most Internet-of-things devices these days, Amazon’s Echo Dot gives users a way to perform a factory reset so that, as the corporate giant puts it, users can “remove any… personal content from the affected device(s)” before selling or discarding them. But researchers have recently found that the digital bits left on these reset devices can be reassembled to recover a plethora of sensitive data, including passwords, locations, authentication tokens and other things.

Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND – which is short for the Boolean operator “not and” – stores bits of data so that they can be recalled later. But while hard drives write data to magnetic platters, NAND uses silicon chips. NAND is also less stable than hard drives because reading and writing it produces bit errors that must be corrected using an error correction code.

NAND is generally organized into planes, blocks and pages. This design allows for a limited number of erase cycles, generally on the order of 10,000 to 100,000 times per block. To extend the life of the chip, blocks storing deleted data are often invalidated rather than erased. True deletions usually only occur when most of the pages in a block are invalidated. This process is known as wear leveling.
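
The effect of invalidating rather than erasing, as an added example that is not from the article or the research paper: a toy flash translation layer in Python. The `ToyFlash` class, the page and block sizes and the sample credential strings are all constructed for illustration; it shows that a logical delete hides data from the operating system while a raw read of the chip still returns it, and that only a physical block erase clears the cells.

```python
PAGES_PER_BLOCK = 4
ERASED = b"\xff" * 16  # erased NAND cells read back as all ones


class ToyFlash:
    """Constructed model of a flash translation layer, not real controller firmware."""

    def __init__(self, blocks=4):
        self.pages = [ERASED] * (blocks * PAGES_PER_BLOCK)  # physical pages
        self.valid = [False] * len(self.pages)              # page holds live data
        self.l2p = {}                                       # logical page -> physical page
        self.next_free = 0

    def write(self, lpn, data):
        """Out-of-place write: program a fresh page, invalidate the old copy."""
        if lpn in self.l2p:
            self.valid[self.l2p[lpn]] = False  # stale bytes stay in the cells
        ppn, self.next_free = self.next_free, self.next_free + 1
        self.pages[ppn] = data.ljust(16, b"\x00")[:16]
        self.valid[ppn] = True
        self.l2p[lpn] = ppn

    def delete(self, lpn):
        """Logical delete: unmap and invalidate, nothing is erased."""
        self.valid[self.l2p.pop(lpn)] = False

    def read(self, lpn):
        """What the operating system sees through the mapping table."""
        return self.pages[self.l2p[lpn]] if lpn in self.l2p else None

    def raw_dump(self):
        """What a chip-level read returns: every physical page, valid or not."""
        return b"".join(self.pages)

    def erase_block(self, block):
        """Physical erase: the only operation that resets the cells."""
        start = block * PAGES_PER_BLOCK
        for ppn in range(start, start + PAGES_PER_BLOCK):
            self.pages[ppn], self.valid[ppn] = ERASED, False
        self.l2p = {l: p for l, p in self.l2p.items() if not start <= p < start + PAGES_PER_BLOCK}


def demo():
    flash = ToyFlash()
    flash.write(0, b"wifi=hunter2")   # constructed sample credential
    flash.write(0, b"wifi=newpass1")  # overwrite lands on a new physical page
    flash.delete(0)                   # logical "reset"
    logical_view, after_delete = flash.read(0), flash.raw_dump()
    flash.erase_block(0)
    return logical_view, after_delete, flash.raw_dump()
```

After the logical delete, both the current and the earlier credential are still present in the raw dump, which matches the researchers' observation that previous passwords remain in flash.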

Researchers at Northeastern University purchased 86 used devices on eBay and at flea markets over a 16-month period. They first looked at purchased devices to see which had been factory reset and which had not. Their first surprise: 61% of them had not been reset. Without a reset, it was relatively easy to recover Wi-Fi passwords, router MAC addresses, Amazon account credentials, and connected device information from previous owners.

The next surprise came when the researchers took the devices apart and forensically examined the contents stored in their memory.

“An adversary with physical access to such devices (for example, buying a used one) can retrieve sensitive information such as Wi-Fi credentials, physical location of (former) owners, and cyber-physical devices (e.g., cameras, door locks),” the researchers wrote in a research paper. “We show that this information, including all previous passwords and tokens, remains in flash memory, even after a factory reset.”

Used Echo Dots and other Amazon devices can come in various states. One state is that the device remains provisioned, as 61% of the purchased Echo Dots were. Devices can also be reset while connected to the previous owner’s Wi-Fi network or while disconnected from Wi-Fi, and with or without the device being removed from the owner’s Alexa app.

Depending on the type of NAND flash and the condition of the previously owned device, the researchers used several techniques to extract the stored data. For reset devices, there is a process called chip-off, which involves taking the device apart and unsoldering the flash memory. The researchers then use an external device to access and extract the flash content. This method requires a fair amount of equipment, skill, and time.

A different process called in-system programming allows researchers to access flash memory without desoldering it. It works by scraping off some of the solder mask coating from the printed circuit board and attaching a conductive needle to an exposed piece of copper to tap into the signal trace, which connects the flash to the CPU.

The researchers also created a hybrid chip-off method that causes less damage and thermal stress to the PCB and the embedded multi-chip package. These faults can cause short circuits and breakage of the PCB pads. The hybrid technique uses a donor multi-chip package for the RAM and the embedded multimedia card portion of the original multi-chip package externally. This method is especially interesting for researchers who want to analyze IoT devices.

In addition to the 86 used devices, the researchers purchased six new Echo Dot devices and, over a period of several weeks, provisioned them with test accounts at different geographic locations and different Wi-Fi access points. They paired the provisioned devices with different smart home and Bluetooth devices. The researchers then extracted flash content from these still provisioned devices using the techniques described previously.
