[ad_1]
Like most things on the Internet These devices now allow Amazon’s Echo Dot to give users a way to do a factory reset, thus as a company behemoth he says, users may “remove any personal content from applicable devices” before selling or disposing of it. But researchers do recently discovered that the remaining digital bits on these reset devices can be reassembled to retrieve a wide range of sensitive data, including passwords, locations, authentication tokens, and more.
Most of them IoT devices, Echo Dot including, use NAND-based flash memory to store data. Like traditional hard drives, NAND is short for “no and” for the Boolean operator – it stores chunks of data for later recall. But while hard drives write data on magnetic plates, NAND uses silicon chips. NAND is less stable than hard disks because reading and writing on it creates bit errors that need to be corrected using error correction code.
NAND is usually arranged in planes, blocks, and pages. This design allows for a limited number of deletion cycles, typically between 10,000 and 100,000 times per block. To extend the life of the chip, blocks that store deleted data are overwritten instead of deleted. Actual deletions occur when most pages in a block are invalidated. This process is called wear equalization.
Researchers at Northeastern University bought 86 used devices from eBay and the flea market in 16 months. They first examined the devices purchased, which ones were factory reset and which ones were not. First surprise: 61 percent of them were not reset. Without resetting, retrieving information from previous owners ’Wi-Fi passwords, router MAC addresses, Amazon account credentials, and connected devices was fairly easy.
The next surprise came when the investigators disassembled the devices and forensically examined the contents stored in the memory.
“Opponents with physical access to these devices (e.g., by buying a used one) can retrieve sensitive information, such as Wi-Fi credentials, (previous) owners’ physical location, and cyber-physical devices (e.g., cameras, door locks), ”the researchers wrote. in a research work. “We show that this information, including all previous passwords and tokens, is retained in flash memory, even after a factory reset.”
Used Echo Dots and other Amazon devices can come in a variety of situations. One situation is that the device remains equipped, accounting for 61 percent of the Echo Dots purchased. Devices can be reset while connected to the previous owner’s Wi-Fi network, reset when disconnected from Wi-Fi, or from the owner’s Alexa app.
Depending on the type of NAND flash and the status of the device before it, the researchers used a variety of techniques to extract the stored data. To reset the device, there is a process called chip-off, which is to disassemble the device and desolder the flash memory. The researchers then use an external device to access and extract the flash content. This method requires considerable equipment, skills and time.
Different processes called system programming can allow researchers to enter the flash without desoldering. It works by scratching and scratching some coatings of the welded mask from the printed circuit board and attaching the conductive needle to an attached piece of copper. signal trace, which connects the flash to the CPU.
The researchers also created a hybrid chip-off method that causes less damage and thermal stress to the PCB and multi-chip package. These errors can cause a short circuit and a break in the PCB pads. The hybrid technique uses a multi-chip package for donors for RAM and an embedded multi-chip memory card from the original multi-chip package. This method is especially interesting for researchers who want to study IoT devices.
In addition to the 86 devices used, the researchers purchased six new Echo Dot devices and, over the course of a few weeks, provided them with test accounts at different geographic locations and different Wi-Fi access points. Devices equipped by researchers to different smart homes and Bluetooth devices. The researchers extracted flash content from these still-equipped devices using the techniques described earlier.
[ad_2]
Source link
