Thinking about selling your Echo Dot—or any IoT device? Read this first

Deleting data from Echo Dots—and other IoT devices from Amazon and elsewhere—is hard.

DAN GOODIN – 7/2/2021

Like most Internet-of-things (IoT) devices these days, Amazon’s Echo Dot gives users a way to perform a factory reset so, as the corporate behemoth says, users can “remove any… personal content from the applicable device(s)” before selling or discarding them. But researchers have recently found that the digital bits that remain on these reset devices can be reassembled to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other sensitive data.

Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND—which is short for the boolean operator “NOT AND“—stores bits of data so they can be recalled later, but whereas hard drives write data to magnetic platters, NAND uses silicon chips. NAND is also less stable than hard drives because reading and writing to it produces bit errors that must be corrected using error-correcting code.

Reset but not wiped

NAND is usually organized in planes, blocks, and pages. This design allows for a limited number of erase cycles, usually in the neighborhood of between 10,000 to 100,000 times per block. To extend the life of the chip, blocks storing deleted data are often invalidated rather than wiped. True deletions usually happen only when most of the pages in a block are invalidated. This process is known as wear-leveling.

Researchers from Northeastern University bought 86 used devices on eBay and at flea markets over a span of 16 months. They first examined the purchased devices to see which ones had been factory reset and which hadn’t. Their first surprise: 61 percent of them had not been reset. Without a reset, recovering the previous owners’ Wi-Fi passwords, router MAC addresses, Amazon account credentials, and information about connected devices was a relatively easy process.

The next surprise came when the researchers disassembled the devices and forensically examined the contents stored in their memory.

Read more at https://arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them/

Related Posts