By uav-jp, 11/08/2022

Used Amazon Echo devices examined: most owners never erased their personal information, and it could be recovered even after a reset

Be careful when selling or transferring second-hand goods.

IoT devices such as the Amazon Echo are popular in ordinary households, and new devices keep appearing, so it has become commonplace to resell devices that are no longer used on marketplaces such as Mercari. Amazon recommends that, once you have finished using a product, you reset the device to its factory state before selling or transferring it to someone else.

But simply resetting the device does not mean that the data has been erased for good. Reselling the device may allow that old personal information to be recovered.

Analyzing used Amazon Echo Dots

Researchers at Northeastern University have published the results of a study in which they spent 16 months reverse engineering 86 used Amazon Echo Dot devices to uncover security defects.

The research team disassembled used devices obtained from eBay and flea markets, sorted the parts, and worked out how the devices function.

The first finding was probably the most surprising. Most of the users who resold an Amazon Echo had not reset the device to factory settings. As a result, most of the old data remained on the device, and the researchers could easily access the original owner's wireless LAN information, the authentication information for the Amazon account, and the MAC address of the router.

The research also revealed that a device reset to factory settings is not completely reset. Contrary to Amazon's claims, a great deal of important personal information remained on factory-reset devices and was actually recovered. This is because the device stores information in NAND flash memory (a storage medium on which data is not actually deleted when the device is reset).

However, it goes without saying that extracting personal information from a device in this way takes some work. The researchers disassembled the entire device, desoldered the flash memory, and read out the contents of the flash memory using another device. According to the research paper, once you get used to it, this work can be completed in 20-30 minutes.

Think carefully before letting go of an IoT device

When GIZMODO asked Amazon for a comment on this matter, Amazon made the following statement:

Is that so.

It is unlikely that a security expert will steal personal information from an old Amazon Echo, but targeting individuals is a common first step for breaking into larger networks.

Even though it is unlikely that your personal information will be stolen right now, this case shows that IoT devices that record users' personal information are not always as secure as a robust safe.

If you are transferring or selling an old device, not just an Amazon Echo, take care to remove your account registration and reset the device to factory settings. If you are worried, destroy the device with a hammer and then discard it.