Tech

Passwords in Amazon Echo Dots live on even after you factory-reset them

Passwords in Amazon Echo Dots live on even after you factory-reset them

Enlarge (credit: Getty Images)

Like most Internet-of-things devices these days, Amazon’s Echo Dot gives users a way to perform a factory reset so , as the corporate behemoth says , users can “remove any… personal content from the applicable device(s)” before selling or discarding all of them. But researchers have recently found that the digital bits that remain on these reset devices can be reassembled to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other sensitive data.

Most IoT devices, the Echo Dot included, use NAND-based flash memory to store data. Like traditional hard drives, NAND—which is short for the boolean operator ” NOT AND “—stores bits of information so they can be recalled later, but whereas hard drives write data to magnetic platters, NAND uses silicon chips. NAND will be also less stable than hard disk drives because reading and writing in order to it produces bit errors that will must be corrected using error correcting code.

Reset but not wiped

NAND is usually organized in planes, blocks, and pages. This design allows for a limited number of erase cycles, usually within the neighborhood of between 10, 000 to 100, 000 times per block. To extend the particular life of the chip, blocks storing deleted data are often invalidated rather than wiped. True deletions usually happen only when most of the pages in a block are invalidated. This process is known as wear-leveling .

Read 29 remaining paragraphs | Comments