Northeastern University researchers showed that factory resetting an Amazon Echo Dot isn’t enough to protect your personal information from someone with physical access to the device.
The researchers said anyone with that physical access could “retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks)” from an Amazon Echo Dot even after it’s been factory reset.
They also said these devices reveal that data as well as “all previous passwords and tokens” after a reset “due to the wear-leveling algorithms of the flash memory and lack of encryption.” Put simply: Factory resetting a device’s storage doesn’t do what many people think it does.
Not that many soon-to-be-former Amazon Echo Dot owners appeared to be concerned about the safety of their information. The researchers said they purchased 86 used Amazon Echo Dots as part of this study, and of those, 61 percent weren’t factory reset before they were resold.
The researchers also found that many people selling broken Amazon Echo Dots, most of which couldn’t be powered on, skipped the factory reset process before passing them on to their new owners. It seems many were unaware of the risk of selling used Internet of Things devices.
Unfortunately it doesn’t seem the ability to retrieve Wi-Fi credentials, the owner’s physical location, and other information is top-of-mind for Amazon. Instead it seems more focused on the claim that account and payment information can’t be gleaned from factory reset devices.
“The security of our devices is a top priority,” the company said in a statement to Gizmodo. “We appreciate the work of independent researchers who help bring potential issues to our attention, and are working on additional mitigations to further secure our devices. We recommend customers deregister and factory reset their devices before reselling, recycling, or disposing of them. It is not possible to retrieve Amazon account passwords or payment card information from memory, because that data is not stored on device.”
5 comments
602747 993505I saw however another thing concerning this on another blog. Youve naturally spent some time on this. Nicely done! 978550
139664 81141Hi, ich habe Ihre Webseite bei der Suche nach Fernbus Hamburg im Internet gefunden. Schauen Sie doch mal auf meiner Seite vorbei, ich habe dort viele Testberichte zu den aktuellen Windeleimern geschrieben. 364749
687463 296743I truly like your writing style, very good info, appreciate it for posting : D. 896841
363803 163879So funcy to see the article within this weblog. Thank you for posting it 733863
219651 350985An extremely intriguing examine, I might not agree completely, but you do make some quite legitimate factors. 171015