It is becoming more common to have complex devices connected to the network at home that integrate the connected home. A growth that is evident with the renewal almost every year of many of these devices, which generates an increasingly powerful second-hand market and where these devices can reveal sensitive information and it is that resetting the device does not seem be enough to erase all the information they store.
It is not something that we are inventing, but it is a conclusion that researchers have reached after becoming in the second-hand market with connected speakers, in this case from the Echo family of Amazon. Speakers that, despite being restored, still had sensitive information.
Information that does not disappear
It is usual, or so it is to be expected, that before selling an electronic device we perform a factory reset. Whether it’s phones, televisions, tablets … and as if this weren’t enough, now we even have to reset light bulbs, power strips, speakers …
All these devices connect to the home Wi-Fi and in this process store data such as the names of the Wi-Fi networks, access codes, passwords, email accounts … The theory, and those are the steps they recommend On Amazon and other manufacturers, it is that before it is sold, the device is reset to factory state to erase any stored personal information.
The problem is that according to researchers at Northeastern University, resetting the device to its origins will not actually delete that data, so that a buyer with sufficient knowledge could access it and recover it. In fact, to reach this conclusion they are based on a 16-month reverse engineering study in which hundreds of devices were disassembled and analyzed.
The first striking note is that although it is the logical step, not all owners had restored their equipment before selling it. And in the cases in which it had been proceeded in a theoretically appropriate way, they had been able to easily access personal data related to Wi-Fi information, Amazon account data or the MAC addresses of the router.
It is striking that despite resetting the speaker, this data does not disappear, it is still there. According to the study, this is due to the way in which these devices store that information using NAND flash memory.
It is a type of non-volatile memory, which means that it does not require energy to store information, which causes this data to remain there despite the fact that, for example, we have turned off the device and disconnected the power.
