[HN Gopher] Amazon Echo Dot Does Not Wipe Personal Content After...
___________________________________________________________________
Amazon Echo Dot Does Not Wipe Personal Content After Factory Reset
Author : walterbell
Score : 64 points
Date : 2021-07-24 19:25 UTC (3 hours ago)
(HTM) web link (www.cpomagazine.com)
(TXT) w3m dump (www.cpomagazine.com)
| thelucky41 wrote:
| Consumer electronics are becoming more durable. Where once I
| might have replaced a cell phone every year and my home router
| every two, I now have had the same phone for four years and my
| router for six. Second hand sellers and repair shops need the
| factory reset feature, but we all benefited when our firmware
| allowed the devices to become safely transferable and repairable.
|
| From the cited paper, most of the acquired devices were not even
| reset:
|
| > Not reset devices: A surprising number of devices (61% ) were
| not reset by the previous owners. Due to the setup of our
| experiment, we had no possibility of asking the previous owners
| any questions.
|
| I'm doubtful this exists, but I'd like it if it were possible to
| perform a factory reset or account transfer completely online,
| and other features around improving the security in the resale
| market.
|
| For those curious like me how the wifi password was actually
| leaked:
|
| > WPA-supplicant is responsible for connecting to configured
| access points after provisioning. We found that it creates its
| configuration files on the user data partition in the folder
| "misc/wifi/". Here the file "wpa_supplicant.conf" contains the
| Wi-Fi credentials, such as the SSID and PSK.
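For anyone who wants to check a device they own before passing it on: an added example, not code from the thread or the cited paper, that parses the wpa_supplicant.conf format quoted above from an extracted user-data tree and reports which networks still carry a usable PSK, without ever emitting the key itself. SAMPLE_CONF and its SSIDs and keys are constructed for this example.

```python
"""Audit an extracted user-data partition for residual Wi-Fi credentials in
wpa_supplicant.conf, reporting what an examiner could recover (PSK withheld)."""
import re
from pathlib import Path

# Constructed sample in wpa_supplicant.conf syntax; SSIDs and keys are made up.
SAMPLE_CONF = """\
ctrl_interface=/data/misc/wifi/sockets
update_config=1
network={
    ssid="HomeNet"
    psk="correct horse battery staple"
    key_mgmt=WPA-PSK
}
network={
    ssid="CoffeeShop"
    key_mgmt=NONE
}
network={
    ssid="Office"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    key_mgmt=WPA-PSK
}
"""

NETWORK_RE = re.compile(r"network=\{(.*?)\}", re.S)
KV_RE = re.compile(r'^\s*(\w+)=("?)(.*?)\2\s*$', re.M)  # key=value or key="value"

def parse_networks(text):
    """Return one dict per network={...} block, with quotes stripped."""
    return [{k: v for k, _, v in KV_RE.findall(block)}
            for block in NETWORK_RE.findall(text)]

def audit(text):
    """Per network: SSID, key management, whether a PSK is present (PSK withheld)."""
    findings = []
    for net in parse_networks(text):
        psk = net.get("psk")
        kind = None
        if psk is not None:
            # 64 hex chars is the raw 256-bit PSK; anything else is a passphrase
            kind = "raw-256bit" if re.fullmatch(r"[0-9a-fA-F]{64}", psk) else "passphrase"
        findings.append({"ssid": net.get("ssid", "<unknown>"), "psk_kind": kind,
                         "key_mgmt": net.get("key_mgmt", "<unset>"), "psk_present": psk is not None})
    return findings

def scan_userdata(root):
    """Audit every wpa_supplicant.conf under an extracted tree (paper: misc/wifi/)."""
    return {str(p): audit(p.read_text(errors="replace"))
            for p in Path(root).rglob("wpa_supplicant.conf")}
```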
| Causality1 wrote:
| Yet another consumer protection law we sorely need. That a
| factory reset should leave passwords on a device should open
| Amazon to enormous liability.
| foxpurple wrote:
| Ideally, the OS should be an immutable image and the user
| partition completely separate. Then a factory reset simply has
| to nuke the user partition and place a fresh template over the
| top.
|
| I can understand how something not designed could have
| difficulty factory resetting when data can be scattered all
| over the place.
| RicoElectrico wrote:
| I don't know what it is like now (with all this A/B
| stuff), but /system/ on Android is supposed to be read only.
| As was ROFS on Symbian. That said, root could modify /system/
| anyway.
| jeroenhd wrote:
| It's still read-only on Android these days (there are
| multiple partitions for A/B stuff). Root can modify it,
| true, but I don't think anyone is storing any secrets on
| there.
|
| With file-based encryption on the data partitions, Android
| hard resets should make all files inaccessible even if
| they're left on the drive.
| haunter wrote:
| >Since the storage media in these IoT devices would not last long
| if true deletions were being performed constantly, "deleted" data
| is often simply invalidated and moved to an unused page in the
| block (in a process called "wear leveling"). These invalidated
| pages, which still contain the data, remain present until a block
| fills up with them and a true deletion is initiated.
|
| >Accessing flash memory that has been factory reset in this way
| does require some amount of technical skill and specialized
| equipment, but nothing that is a real barrier to the average
| enthusiast working at home.
|
| By that logic my iPhone 11, my Android phone, my Mac or my
| Windows PC doesn't wipe personal content either after factory
| reset
|
| Feels like a bit clickbait-ish
|
| But at least Macs have a built-in 7-pass erase option to comply
| with DOD standards https://techpatio.com/wp-content/uploads/2012/09/disk-utilit...
| wongarsu wrote:
| Concerning Windows, the help page about the factory reset
| states "You'll be asked to choose whether you want to erase
| data quickly or thoroughly. If you choose to erase data
| quickly, some data might be recoverable using special software.
| If you choose to erase data thoroughly, this will take longer
| but it makes recovering data less likely." [1]
|
| Of course deleting data on an SSD is tricky due to
| wear-leveling; anything short of telling the drive to erase the
| entire disk with the secure erase command isn't guaranteed to
| work.
|
| 1: https://support.microsoft.com/en-us/windows/how-to-refresh-r...
| orev wrote:
| This is why FDE is mostly the default on all of the devices you
| mention. The secret keys are stored in the TPM or equivalent.
| Most SSDs for Mac/PC also have an OEM software option to
| trigger a secure wipe using special software from the vendor.
|
| The problem here is that the Echo is closed so those options
| aren't available to you. However, this is also a problem on
| other custom devices like printers.
| sp332 wrote:
| There is a command you can send to the drive that will erase
| all data including from those extra bookkeeping areas. "ATA
| Secure Erase". The drive has to support it of course.
| gojomo wrote:
| I believe iOS handles this by ensuring all flash-written data
| is encrypted with an on-device key.
|
| A 'wipe' then definitively erases that key - making further
| overwrites of the freed data unnecessary.
|
| If the crypto is strong, and the key never exfiltrated, then
| this may be even _better_ than an explicit overwrite, which on
| some media (like magnetic drives) may still leave trace hints
| of the old data that advanced techniques could recover.
| ashtonkem wrote:
| Do you have any sources for the assertion that resetting an iOS
| device doesn't remove data?
| croon wrote:
| https://www.apple.com/ca/business-docs/iOS_Security_Guide.pd...
|
| > The "Erase all content and settings" option in Settings
| obliterates all the keys in Effaceable Storage, rendering all
| user data on the device cryptographically inaccessible.
|
| Semantics debate around whether leaving data practically
| inaccessible is the same as removing it, but considering
| where we are, I'd say it isn't.
|
| Granted, this is from 2018, but I doubt the defaults and
| concept have changed.
| wrboyce wrote:
| Do iOS devices not leverage full disk encryption? In which
| case I'd assume simply wiping the encryption keys/fde headers
| would be sufficient? (Which it almost certainly does.)
| [deleted]
| walterbell wrote:
| User/config partitions can be encrypted and factory reset can
| delete the user/config encryption key. This minimizes writes to
| physical blocks, and user data becomes unrecoverable.
|
| This is standard practice for repurposing of multi-TB hard
| drives.
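Tying together haunter's wear-leveling quote, gojomo's point about iOS and walterbell's key-deletion comment, an added example (not from the thread) that simulates both outcomes: a naive reset only forgets the page map, so the stale page is still readable in a raw dump, while a reset that also zeroes the device key leaves nothing but useless ciphertext. Flash, Device and the HMAC-based keystream are stand-ins constructed for illustration, not any vendor's implementation.

```python
"""Simulated wear-levelled flash: a naive reset only forgets the page map and
stale pages survive a chip-off read; crypto-erase (zeroing the key) defeats it."""
import hashlib, hmac, os

PAGE = 32  # bytes per simulated flash page (tiny, for illustration)

class Flash:
    """Writes go to fresh pages; stale pages are invalidated, never cleared."""
    def __init__(self):
        self.pages = []  # all physical pages ever written, including stale ones
        self.live = {}   # logical page -> index of its current physical page
    def write(self, logical, data):
        self.live[logical] = len(self.pages)
        self.pages.append(bytes(data).ljust(PAGE, b"\0"))
    def quick_reset(self):
        self.live.clear()  # what a naive factory reset does: forget the map
    def raw_dump(self):
        return b"".join(self.pages)  # what a chip-off read of the NAND sees

def keystream(key, logical, n):
    """Per-page keystream: HMAC-SHA256(key, page || counter) as a stand-in PRF."""
    blocks = (hmac.new(key, logical.to_bytes(4, "big") + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

class Device:
    def __init__(self, encrypted):
        self.flash, self.encrypted = Flash(), encrypted
        self.key = os.urandom(32)  # held in dedicated 'effaceable' key storage
    def _crypt(self, logical, data):  # XOR with keystream; its own inverse
        if not self.encrypted:
            return data
        return bytes(a ^ b for a, b in zip(data, keystream(self.key, logical, len(data))))
    def store(self, logical, plaintext):  # whole page is encrypted, padding included
        self.flash.write(logical, self._crypt(logical, bytes(plaintext).ljust(PAGE, b"\0")))
    def read(self, logical):
        page = self.flash.pages[self.flash.live[logical]]
        return self._crypt(logical, page).rstrip(b"\0")
    def factory_reset(self):
        self.flash.quick_reset()
        if self.encrypted:
            self.key = bytes(32)  # crypto-erase: the only copy of the key is gone

def secret_survives_reset(encrypted, secret=b'psk="correct horse"'):
    """True if the secret is still readable from a raw dump after reset."""
    dev = Device(encrypted)
    dev.store(0, secret)
    dev.store(0, b"ssid=other")  # the 'overwrite' lands on a new page
    dev.factory_reset()
    return secret in dev.flash.raw_dump()
```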
___________________________________________________________________
(page generated 2021-07-24 23:00 UTC)