Amazon's Echo Dot, like most Internet-of–things devices, allows users to perform a factory reset. This allows users to remove all... personal information from the device(s), before they are sold or disposed of. Researchers have discovered that digital bits left on reset devices can be reassembled and retrieved a wide range of sensitive data including passwords, locations and authentication tokens.Ars Technica. This article originally appeared on Ars Technica. It is a trusted source of technology news, analysis, reviews and other information. Cond Nast, WIRED's parent company owns Ars.NAND-based flash memory is used to store data in most IoT devices, including the Echo Dot. NAND, which stands for the boolean operator “not and”, stores bits of data in order to be recalled later. NAND uses silicon chips, while hard drives write data onto magnetic platters. NAND is less stable than hard drives, as it can read and write to bits that are subject to error correction code.NAND is often organized in blocks, pages, or planes. This allows for limited erase cycles. Blocks can be erased between 10,000 and 100,000 times. Blocks containing deleted data are frequently invalidated to prolong the chip's life. True deletions are usually only possible when all pages within a block have been invalidated. This is called wear-leveling.Over a period of 16 months, researchers from Northeastern University purchased 86 used devices via eBay and at flea market over a period of 16 months. To determine if the devices had been factory reset, they first looked at them. The first surprise was that 61% of the devices had not been reset. It was easy to recover the Wi-Fi passwords, router addresses, Amazon credentials and information about connected devices from previous owners without a reset.Next, the researchers took apart the devices and examined the contents.Researchers wrote that an adversary could gain physical access to these devices (e.g. by purchasing a used one), and can obtain sensitive information such Wi-Fi credentials, physical locations of (previous owners), and cyber-physical devices (e.g. cameras, door locks, etc.). This information, including any previous passwords or tokens, is still stored on flash memory even after factory resets.You can find used Echo Dots or other Amazon devices in many states. The device is provisioned as the 61% of Echo Dots purchased were. You can reset the devices while they are connected to your Wi-Fi network.Researchers used a variety of techniques to extract stored data depending on the type and state of the device. Chip-off is a method that involves disassembling the device to remove the flash memory. Researchers then access the flash contents using an external device. This process requires skill and time, as well as a lot of equipment.Researchers can access flash using an alternative process called "in-system programming". This allows them to access it without having to solder it. To tap into the signal track that connects the flash and the CPU, you need to remove some of the solder mask from the printed circuit board.Researchers also developed a hybrid chip off method that causes less thermal stress and damage to the PCB as well as the embedded multi-chip packages. These defects could cause damage to the PCB pads and short circuiting. This hybrid method uses an external multi-chip package as a donor for the RAM and embedded multi media cards. Researchers who are interested in IoT device analysis will find this method most interesting.The researchers purchased six Echo Dot devices in addition to the 86 previously used devices. They then provisioned the devices with test accounts at different locations and Wi-Fi access points over several weeks. Researchers paired the provisioned devices with different smart home devices and Bluetooth devices. The researchers extracted flash content from the provisioned devices using previously described techniques.
