Like most IoT devices today, Amazon’s Echo Dot gives users a way to restore factory settings so that, as the corporate giant says, users can “remove any…personal content from applicable devices” before selling or discarding them. But researchers have recently discovered that the digital bits retained on these reset devices can be reassembled to retrieve large amounts of sensitive data, including passwords, locations, authentication tokens, and other content.
Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND (short for the Boolean operator “not and”) stores bits of data so they can be recalled later. However, hard drives write data to disks, while NAND uses silicon chips. NAND is also less stable than a hard drive, because reading from and writing to it produces bit errors, which must be corrected with error correction codes.
NAND is usually organized in planes, blocks, and pages. This design allows a limited number of erase cycles, usually about 10,000 to 100,000 times per block. In order to extend the life of the chip, the blocks storing the deleted data are usually invalidated rather than erased. The actual deletion usually only occurs when most of the pages in the block are invalid. This process is called wear leveling.
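The following toy model, an added example that is not from the article or the researchers' paper, shows why invalidating pages instead of erasing them leaves "deleted" data readable by anyone who reads the chip directly. The class and method names, the block size and the erase threshold are assumptions chosen for illustration, and the stored values are constructed.

```python
PAGES_PER_BLOCK = 4
ERASE_THRESHOLD = 3  # assumption: erase a block once 3 of its 4 pages are invalid
class ToyFlash:  # constructed toy controller, far simpler than a real FTL
    def __init__(self, blocks=2):
        self.raw = [[None] * PAGES_PER_BLOCK for _ in range(blocks)]  # physical pages
        self.live = {}  # logical name -> (block, page) holding the valid copy

    def write(self, name, data):
        self.delete(name)  # an older copy is invalidated, never overwritten in place
        for b, block in enumerate(self.raw):
            for p, cell in enumerate(block):
                if cell is None:  # first erased page
                    block[p] = data
                    self.live[name] = (b, p)
                    return
        raise RuntimeError("no erased page left")

    def delete(self, name):
        loc = self.live.pop(name, None)  # "delete" only drops the mapping
        if loc is not None:
            self._collect(loc[0])

    def _collect(self, b):
        valid = {p for blk, p in self.live.values() if blk == b}
        stale = [p for p, c in enumerate(self.raw[b]) if c is not None and p not in valid]
        if len(stale) < ERASE_THRESHOLD:
            return  # too few invalid pages: stale bytes stay on the chip
        keep = [(n, self.raw[b][p]) for n, (blk, p) in self.live.items() if blk == b]
        self.raw[b] = [None] * PAGES_PER_BLOCK  # the only physical erase
        for n, data in keep:  # relocate pages that were still valid
            del self.live[n]
            self.write(n, data)

    def factory_reset(self):
        for name in list(self.live):
            self.delete(name)

    def logical_view(self):  # what the device's own software can still read
        return {n: self.raw[b][p] for n, (b, p) in self.live.items()}

    def raw_dump(self):  # what reading the chip directly returns
        return [c for block in self.raw for c in block if c is not None]

def demo():
    flash = ToyFlash()
    flash.write("wifi_psk", b"constructed-psk")  # constructed sample values
    flash.write("auth_token", b"constructed-token")
    flash.factory_reset()
    return flash.logical_view(), flash.raw_dump()
```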
Researchers at Northeastern University bought 86 second-hand devices on eBay and at flea markets over a span of 16 months. They first checked the purchased devices to see which had been restored to factory settings and which had not. Their first surprise: 61% of the devices had not been reset. Without a reset, recovering the previous owner’s Wi-Fi password, router MAC address, Amazon account credentials, and information about connected devices was relatively easy.
The next surprise came when the researchers took the devices apart and forensically examined the contents stored in their memory.
“An adversary who has physical access to such equipment (for example, buying second-hand equipment) can retrieve sensitive information, such as Wi-Fi credentials, the physical location of the (previous) owner, and cyber-physical equipment (for example, cameras, door locks),” the researchers wrote in a research paper. “We show that even after restoring the factory settings, this information, including all previous passwords and tokens, will remain in the flash memory.”
Used Echo Dots and other Amazon devices can come in several states. In one state, the device is still configured, as 61% of the purchased Echo Dots were. A device can also have been reset while connected to the previous owner’s Wi-Fi network or while disconnected from Wi-Fi, and with or without having been removed from the owner’s Alexa app.
Depending on the type of NAND flash memory and the state of the previously owned device, the researchers used a variety of techniques to extract the stored data. For reset devices, there is a process called chip-off, which involves disassembling the device and desoldering the flash memory. The researchers then used an external device to access and extract the flash memory contents. This method requires a considerable amount of equipment, skill, and time.
A different process, called in-system programming, allows researchers to access the flash memory without desoldering it. It works by scraping some of the solder mask off the printed circuit board and then attaching a conductive pin to the exposed copper of the signal trace that connects the flash memory to the CPU.
The researchers also created a hybrid chip-off method that reduces damage and thermal stress to the PCB and the embedded multi-chip package. These defects can cause short circuits and damage to the PCB pads. The hybrid technique uses a donor multi-chip package for the RAM and uses the embedded multimedia card part of the original multi-chip package externally. For researchers who want to analyze IoT devices, this method is the most interesting.
In addition to the 86 used devices, the researchers also purchased 6 new Echo Dot devices and, over a few weeks, set them up with test accounts at different geographic locations and on different Wi-Fi access points. The researchers paired the configured devices with different smart home and Bluetooth devices. They then used the techniques described earlier to extract the flash memory contents from these still-configured devices.