Like most Internet of Things devices these days, Amazon's Echo Dot gives users a way to perform a factory reset so that, as the corporate behemoth says, users can “delete any … personal content from the applicable device(s)” before selling or disposing of it. But researchers have recently found that the digital bits remaining on these reset devices can be gathered to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other things.
Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND (which is short for the Boolean “not and” operator) stores pieces of data so that they can be retrieved later. But while hard drives write data to magnetic platters, NAND uses silicon chips. NAND is also less stable than hard drives because reading and writing produce bit errors that need to be corrected with an error correction code.
NAND is generally organized into planes, blocks, and pages. This design allows a limited number of erase cycles, usually in the vicinity of 10,000 to 100,000 times per block. To extend the life of the chip, blocks that store deleted data are often invalidated rather than wiped. True deletions usually happen only when most of the pages in a block are invalidated. This process is known as wear-leveling.
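The invalidate-rather-than-wipe behavior described above can be seen in a toy model. This is an added example, not code from the researchers or from any real flash controller; the class and function names, the block size, the erase threshold, and the sample values are all assumptions constructed for illustration.

```python
# Toy model of NAND page invalidation (added illustration, not real firmware).
# Assumptions: 8 pages per block; a block is truly erased only when more than
# half of its pages are invalid and no valid page remains in it.
PAGES_PER_BLOCK = 8

class ToyFlash:
    def __init__(self, blocks=4):
        # Each physical page is None (erased) or a (data, valid) tuple.
        self.blocks = [[None] * PAGES_PER_BLOCK for _ in range(blocks)]
        self.map = {}  # logical key -> (block index, page index)

    def write(self, key, data):
        """Out-of-place write: invalidate the old copy, program a free page."""
        self.delete(key)
        for b, block in enumerate(self.blocks):
            for p, page in enumerate(block):
                if page is None:
                    block[p] = (data, True)
                    self.map[key] = (b, p)
                    return
        raise RuntimeError("no free pages")

    def delete(self, key):
        """Logical delete: the page is only flagged invalid, not wiped."""
        if key not in self.map:
            return
        b, p = self.map.pop(key)
        self.blocks[b][p] = (self.blocks[b][p][0], False)  # bits stay on chip
        invalid = sum(1 for pg in self.blocks[b] if pg and not pg[1])
        valid = sum(1 for pg in self.blocks[b] if pg and pg[1])
        if invalid > PAGES_PER_BLOCK // 2 and valid == 0:
            self.blocks[b] = [None] * PAGES_PER_BLOCK  # the true erase

    def raw_dump(self):
        """What reading the chip directly returns: every programmed page."""
        return [pg[0] for blk in self.blocks for pg in blk if pg]

def factory_reset(flash):
    """A reset modeled as deleting every logical entry."""
    for key in list(flash.map):
        flash.delete(key)

def demo():
    flash = ToyFlash()
    flash.write("wifi_psk", "constructed-old-psk")
    flash.write("wifi_psk", "constructed-new-psk")  # owner changed password
    flash.write("token", "constructed-token")
    factory_reset(flash)
    return dict(flash.map), flash.raw_dump()
```

After the reset the logical map is empty, yet the raw dump still holds the old password, the new password, and the token, because the block never crossed the erase threshold.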
Researchers at Northeastern University bought 86 used devices on eBay and at flea markets over a period of 16 months. They first examined the purchased devices to see which ones had been factory reset and which had not. Their first surprise: 61 percent of them had not been reset. Without a reset, retrieving the previous owners' Wi-Fi passwords, router MAC addresses, Amazon account credentials, and information on connected devices was relatively easy.
The next surprise came when the researchers disassembled the devices and forensically examined the contents stored in their memory.
“An opponent with physical access to such devices (e.g., acquiring a used one) can retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks),” the researchers wrote in a research article. “We demonstrate that such information, including all previous passwords and tokens, will remain on the flash memory, even after a factory reset.”
Used Echo Dots and other Amazon devices can come in a variety of states. One state is that the device remains provisioned, as 61 percent of the purchased Echo Dots were. Devices can be reset while connected to the previous owner's Wi-Fi network or reset while disconnected from Wi-Fi, either with or without deleting the device from the owner's Alexa app.
Depending on the type of NAND flash and the state of the previously owned device, the researchers used several techniques to extract the stored data. For reset devices, there is a process known as chip-off, which involves disassembling the device and desoldering the flash memory. The researchers then use an external device to access and extract the flash contents. This method requires a fair amount of equipment, skill, and time.
A different process called in-system programming allows researchers to access the flash without desoldering it. It works by scraping off part of the solder mask coating of the printed circuit board and attaching a conductive needle to a piece of exposed copper to tap into the signal trace, which connects the flash to the CPU.
The researchers also created a hybrid chip-off method that causes less damage and thermal stress to the PCB and the integrated multi-chip package. These defects can cause short circuits and breakage of PCB pads. The hybrid technique uses a donor multi-chip package for the RAM and the integrated card part of the original multi-chip package externally. This method is especially interesting for researchers who want to analyze IoT devices.
In addition to the 86 used devices, the researchers bought six new Echo Dot devices and, over several weeks, provisioned them with test accounts in different geographic locations and on different Wi-Fi access points. The researchers paired the provisioned devices with different smart home and Bluetooth devices. Then, the researchers extracted the flash contents from these still-provisioned devices using the techniques described earlier.