research-article

Public Access

Amazon echo dot or the reverberating secrets of IoT devices

Authors:

Guevara NoubirAuthors Info & Claims

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Pages 13 - 24

https://doi.org/10.1145/3448300.3467820

Published: 28 June 2021 Publication History

Abstract

Smart speakers, such as the Amazon Echo Dot, are very popular and routinely trusted with private and sensitive information. Yet, little is known about their security and potential attack vectors. We develop and synthesize a set of IoT forensics techniques, apply them to reverse engineer the hardware and software of the Amazon Echo Dot, and demonstrate its lacking protections of private user data. An adversary with physical access to such devices (e.g., purchasing a used one) can retrieve sensitive information such as Wi-Fi credentials, the physical location of (previous) owners, and cyber-physical devices (e.g., cameras, door locks). We show that such information, including all previous passwords and tokens, remains on the flash memory, even after a factory reset. This is due to the wear-leveling algorithms of the flash memory and lack of encryption. We identify and discuss the design flaws in the storage of sensitive information and the process of de-provisioning used devices. We demonstrate the practical feasibility of such attacks on 86 used devices purchased on eBay and flea markets. Finally, we propose secure design alternatives and mitigation techniques.

References

[1]

2011. NAND Flash Table. (Jul 2011). http://www.linux-mtd.infradead.org/nand-data/nanddata.html [Online; accessed 7. July. 2020].

[2]

2019. Juniper Estimates 3.25 Billion Voice Assistants Are in Use Today, Google Has About 30% of Them - Voicebot.ai. (Feb 2019). shorturl.at/uHNOP [Online; accessed 4. Aug. 2020].

[3]

2020. 2017 Fire HD 10: Unbricking from anti-rollback. (Aug 2020). https://forum.xda-developers.com/hd8-hd10/development/2017-fire-hd-10-unbricking-anti-rollback-t3896616 [Online; accessed 31. Aug. 2020].

[4]

2020. Amazon Echo Dot : CVE security vulnerabilities, versions and detailed reports. (Aug 2020). https://www.cvedetails.com/product/46475/Amazon-Echo-Dot.html?vendor_id=12126 [Online; accessed 4. Aug. 2020].

[5]

2020. Fire HD 8 (2018 ONLY) unbrick, downgrade, unlock & root. (Aug 2020). https://forum.xda-developers.com/hd8-hd10/orig-development/fire-hd-8-2018-downgrade-unlock-root-t3894256 [Online; accessed 31. Aug. 2020].

[6]

2020. Pryon. https://www.pryon.com/. (Oct 2020). [Online; accessed 1. Oct. 2020].

[7]

2020. Sleuthkit Autopsy features. (Aug 2020). http://www.sleuthkit.org/autopsy/features.php [Online; accessed 1. Aug. 2020].

[8]

2020. [UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2017 (douglas). (Aug 2020). https://forum.xda-developers.com/hd8-hd10/orig-development/unlock-fire-hd-8-2017-douglas-t3962846 [Online; accessed 31. Aug. 2020].

[9]

Amazon. 2020. Amazon.com Help: Amazon Frustration-Free Setup Frequently Asked Questions. (2020). https://www.amazon.com/gp/help/customer/display.html?nodeId=GMPKVYDBR223TRPY [Online; accessed 15. Mar 2020].

[10]

Amazon. 2020. Fire OS 6 for Fire Tablets | Fire Tablets. (2020). https://developer.amazon.com/docs/fire-tablets/fire-os-6.html [Online; accessed 02. May. 2020].

[11]

Amazon. 2020. Overview of Amazon Device Messaging | Amazon Device Messaging. (2020). https://developer.amazon.com/docs/adm/overview.html [Online; accessed 02. May. 2020].

[12]

Amazon. 2020. Understanding Frustration-Free Setup | Frustration-Free Setup. (2020). https://developer.amazon.com/docs/frustration-free-setup/understanding-ffs.html [Online; accessed 15. Mar 2020].

[13]

JEDEC Solid State Technology Association. 2010. Embedded MultiMediaCard (eMMC) eMMC/Card Product Standard, High Capacity, including Reliable Write, Boot, Sleep Modes, Dual Data Rate, Multiple Partitions Supports, Security Enhancement, Background Operation and High Priority Interrupt (MMCA, 4.41). JESD84-A441 (2010).

[14]

JEDEC Solid State Technology Association. 2012. Embedded Multimedia Card (eMMC), Electrical Standard 4.51. JESD84-B451 (2012).

[15]

Marcel Breeuwsma, Martien De Jongh, Coert Klaver, Ronald Van Der Knijff, and Mark Roeloffs. 2007. Forensic data recovery from flash memory. Small Scale Digital Device Forensics Journal 1, 1 (2007), 1--17.

[16]

Byungjo Kim, Dong Hyun Kang, Changwoo Min, and Young Ik Eom. 2014. Understanding implications of trim, discard, and background command for eMMC storage device. In 2014 IEEE 3rd Global Conference on Consumer Electronics (GCCE). 709--710.

[17]

Hyunji Chung, Jungheum Park, and Sangjin Lee. 2017. Digital forensic approaches for Amazon Alexa ecosystem. Digital Investigation 22 (2017), S15 -- S25.

Digital Library

[18]

Ike Clinton, Lance Cook, and Shankar Banik. 2016. A survey of various methods for analyzing the amazon echo. The Citadel, The Military College of South Carolina (2016).

[19]

Jim Cooke. 2007. The inconvenient truths of NAND flash memory. Flash Memory Summit 3, 3 (2007), 3--1.

[20]

Daniel J. Dubois, Roman Kolcun, Anna Maria Mandalari, Muhammad Talha Paracha, David Choffnes, and Hamed Haddadi. 01 Oct. 2020. When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers. Proceedings on Privacy Enhancing Technologies 2020, 4 (01 Oct. 2020), 255 -- 276.

[21]

Amir Etemadieh, CJ Heres, and Khoa Hoan. 2017. Hacking Hardware With A $10 SD Card Reader. Blackhat US (2017).

[22]

Google. 2020. Overview | Geolocation API | Google Developers. (2020). https://developers.google.com/maps/documentation/geolocation/overview [Online; accessed 02. May. 2020].

[23]

Open NAND Flash Interface Working Group. 2020. Open NAND Flash Interface Specification. ONFI 4.2 (2020).

[24]

Peter Gutmann. 2001. Data Remanence in Semiconductor Devices. In USENIX Security Symposium. 39--54.

[25]

Jessica Hyde and Brian Moran. 2017. Alexa, are you Skynet. SANS Digital Forensics and Incident Response Summit (2017).

[26]

Magnus Larsson. 2015. Sanitization of embedded network devices: Investigation of vendor's factory reset procedure. (2015).

[27]

S. Li, K. R. Choo, Q. Sun, W. J. Buchanan, and J. Cao. 2019. IoT Forensics: Amazon Echo as a Use Case. IEEE Internet of Things Journal 6, 4 (Aug 2019), 6487--6497.

[28]

MediaTek. 2020. MediaTek 8516 Datasheet. (2020). https://www.mediatek.com/products/tablets/mt8516 [Online; accessed 02. May. 2020].

[29]

Alastair Nisbet, Scott Lawrence, and Matthew Ruff. 2013. A forensic analysis and comparison of solid state drive data retention with trim enabled file systems. (2013).

[30]

Jeong Wook Oh. 2014. Reverse engineering flash memory for fun and benefit. Blackhat US (2014).

[31]

D Pawlaszczyk, J Friese, and C Hummert. 2019. "Alexa, tell me..."-A forensic examination of the Amazon Echo Dot 3 rd Generation. (2019).

[32]

Android Open Source Project. 2020. Full-Disk Encryption | Android Open Source Project. (2020). https://source.android.com/security/encryption/full-disk [Online; accessed 02. May. 2020].

[33]

Android Open Source Project. 2020. Verified Boot | Android Open Source Project. (2020). https://source.android.com/security/verifiedboot [Online; accessed 02. May. 2020].

[34]

Rusolut. 2018. eMMC CHIPS. DATA RECOVERY BEYOND CONTROLLER. (2018). https://rusolut.com/wp-content/uploads/2018/10/eMMCvsNAND.pdf BelkaDay - Belkasoft Digital Forensic Conference 2018, Prague, Czech Republic.

[35]

Lea Schönherr, Maximilian Golla, Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, and Thorsten Holz. 2020. Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers. (2020). arXiv:cs.CR/2008.00508

[36]

Arie Tal. 2002. Two flash technologies compared: NOR vs NAND. White Paper of M-Systems (2002).

[37]

Jan Peter van Zandwijk. 2015. A mathematical approach to NAND flash-memory descrambling and decoding. Digital Investigation 12 (2015), 41 -- 52.

Digital Library

[38]

Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson. 2011. Reliably Erasing Data from Flash-Based Solid State Drives. In Proceedings of the 9th USENIX Conference on File and Stroage Technologies (FAST'11). USENIX Association, USA, 8.

Digital Library

[39]

Li Zhang, Yu an Tan, and Qi kun Zhang. 2012. Identification of NAND flash ECC algorithms in mobile devices. Digital Investigation 9, 1 (2012), 34 -- 48.

Cited By

Vats TSailaja NAnselmo Polido Lopes F(2024)Exploration of User Perspectives around Software and Data-Related Challenges Associated with IoT Repair and Maintenance against Obsolescence: User Study on Software and Data Interactions and Considerations for IoT Repair and Maintenance against ObsolescenceProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685383(1-17)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685383
Yang HKuzniar CJiang CNikolaidis IHaque IVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Characterizing the Security Facets of IoT Device SetupProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3688433(612-621)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3688433
Agrawal AMaiti R(2024)iTieProbe: How Vulnerable Your IoT Provisioning via Wi-Fi AP Mode or EZ Mode?IEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.347108019(10058-10070)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3471080
Show More Cited By

Index Terms

Amazon echo dot or the reverberating secrets of IoT devices
1. Security and privacy

Recommendations

IoT: Imminent ownership Threat
IDEAS '17: Proceedings of the 21st International Database Engineering & Applications Symposium

Internet of things (IoT) is the current trend to connect all types of devices to the internet with the purpose of making remote control of these devices possible from anywhere. This allows for convenience, efficiency and the benefit of collecting data ...
Secure and privacy preserving IoT gateway for home automation
Highlights
- Addressing security and privacy issues in IoT devices in a scalable way
- ...
Abstract
Internet of Things (IoT) applications have become widely popular for academic and industrial purposes in recent years. One of the most important applications in IoT is Home Automation Systems. Home Automation Systems consist of a ...
Graphical Abstract

Display Omitted
IoT Security & Privacy: Threats and Challenges
IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security

The era of the Internet of Things (IoT) has already started and it will profoundly change our way of life. While IoT provides us many valuable benefits, IoT also exposes us to many different types of security threats in our daily life. Before the advent ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

June 2021

412 pages

ISBN:9781450383493

DOI:10.1145/3448300

General Chairs:
Christina Pöpper
New York University Abu Dhabi, AE
,
Mathy Vanhoef
New York University Abu Dhabi, AE
,
Program Chairs:
Lejla Batina
Radboud University, NL
,
René Mayrhofer
Johannes Kepler University Linz, AT

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 June 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSF (National Science Foundation)

Conference

WiSec '21

Sponsor:

SIGSAC

WiSec '21: 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

June 28 - July 2, 2021

Abu Dhabi, United Arab Emirates

Acceptance Rates

WiSec '21 Paper Acceptance Rate 34 of 121 submissions, 28%;

Overall Acceptance Rate 98 of 338 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
9,968
Total Downloads

Downloads (Last 12 months)2,328
Downloads (Last 6 weeks)279

Reflects downloads up to 01 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Vats TSailaja NAnselmo Polido Lopes F(2024)Exploration of User Perspectives around Software and Data-Related Challenges Associated with IoT Repair and Maintenance against Obsolescence: User Study on Software and Data Interactions and Considerations for IoT Repair and Maintenance against ObsolescenceProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685383(1-17)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685383
Yang HKuzniar CJiang CNikolaidis IHaque IVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)Characterizing the Security Facets of IoT Device SetupProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3688433(612-621)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3688433
Agrawal AMaiti R(2024)iTieProbe: How Vulnerable Your IoT Provisioning via Wi-Fi AP Mode or EZ Mode?IEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.347108019(10058-10070)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3471080
Knapp AWamuo ERahat MTorres-Arias SBloom GZhuang Y(2024)Should Smart Homes Be Afraid of Evil Maids? : Identifying Vulnerabilities in IoT Device Firmware2024 IEEE 14th Annual Computing and Communication Workshop and Conference (CCWC)10.1109/CCWC60891.2024.10427780(0467-0473)Online publication date: 8-Jan-2024
https://doi.org/10.1109/CCWC60891.2024.10427780
Friedl SPernul G(2024)Device Forensics in Smart Homes: Insights on Advances, Challenges and Future DirectionsTransactions on Large-Scale Data- and Knowledge-Centered Systems LVII10.1007/978-3-662-70140-9_3(68-98)Online publication date: 25-Oct-2024
https://doi.org/10.1007/978-3-662-70140-9_3
De Vaere PPerrig ACalandrino JTroncoso C(2023)Hey kimya, is my smart speaker spying on me? taking control of sensor privacy through isolation and amnesiaProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620372(2401-2418)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620372
Gowri SSurendran RJabez JSrinivasulud S(2022)IoT forensics: What kind of personal data can be found on discarded, recycled, or re-sold IoT devicesJournal of Discrete Mathematical Sciences and Cryptography10.1080/09720529.2022.207242225:4(999-1008)Online publication date: 12-Jun-2022
https://doi.org/10.1080/09720529.2022.2072422
Maccario GNaldi M(2022)Privacy in smart speakers: A systematic literature reviewSECURITY AND PRIVACY10.1002/spy2.2746:1Online publication date: 17-Oct-2022
https://doi.org/10.1002/spy2.274
Yüksel TAydın ÖDalkılıç G(undefined)Performing DoS Attacks on Bluetooth Devices Paired with Google Home MiniSSRN Electronic Journal10.2139/ssrn.4171322
https://doi.org/10.2139/ssrn.4171322

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents