Did you know I can hack you from several yard sale items?
by Dominic Alvieri
June 12th, 2024
Can You Help Me With My Smart Dryer?
Kids did I ever tell you how I prevented your mom from getting hacked?
Cybersecurity articles are either way too technical or way too simply not containing any concrete or actionable information the average person can utilize.
In the simplest terms any device that has been connected to the internet will leave a digital trail and be left stored in that devices memory. They don't just magically disappear...you have to remove them.
 |
| It can without wiping your old IoT device memory. |
A Simple Question Asked and Not Answered
Whenever you dispose of any IoT device what must you do with the devices memory?
36 out of 36 random people that I asked this question to failed to answer it correctly. You must successfully wipe clean your old device memory before selling or disposing of the device. Not one of the 36.
***Important Disclaimer***
A proper forensic investigation should be done on a copy and not the original to avoid chance of corruption or tampering and it is usually copied as an image and then added as a data source to investigate further depending on the tool you are using. Please do your own research on how to properly conduct a forensic investigation but that is a key principle to strictly adhere to.
Secondly just to be safe I am leaving out the brand names of the devices researched. Remember that any device that connects to the internet will leave a digital trail. The credentials don't just disappear.
Smartphone, Tablet, Camera, Printer...
I was driving around the other day and saw a yard sale sign and looking for a few things.
How is Your Smart Washer Connecting to the Internet?
The Yard Sale Hack
It didn't take long to see an old Android smartphone and a printer for sale. I asked the owner if she new that I could find all types of credentials and data left if she didn't clean the memory from her devices. She didn't know how to respond. I explained the research I was doing. She said she deleted all the photos on the phone so she was ok. ( yikes! ) I explained how to properly dispose of any IoT device. She agreed to the sales and research. I returned the devices in a few days and revealed my findings.
Digital Forensics
I've been hacking and breaking things for a long time but I also track and trace cyber criminals & cryptocurrencies and forensically go over all types of devices. Autopsy is one of my favorite tools but I use several depending on what type of device ( desk top hard drive, smartphone, printer, etc.) I am going to go over and what I am looking for. I used several tools and addons for this project so I won't bore you.
Different devices have different types of memory. The hard drive in your computer is obviously different from the memory and storage in your smartphone. That is a blog for another day.
It's All in the Credentials
In short the printer had her Wi-Fi credentials in plain text and the smartphone had a treasure trove of information that could be used against her. I agreed not to expose any personal details except for the minimal details that we agreed upon so sorry no redacted screen shots.
How I Prevented Your Mother From Getting Hacked
What is the Best Thing to do When Disposing of an IoT device?
The best single piece of advice when getting rid of old IoT devices is to wipe clean your old IoT device memory. Every single IoT device. It is just that simple. Your can remove and destroy the storage media which also works but isn't very practical with smartphones.
How?
Again in simple term depending on the type of storage media there is professional software like Eraser or other commercial tools available. For all other devices such as printers, assistants and other non-smartphone type devices they will have instructions usually in their settings and should be a factory reset as a worst case minimum.
Check your devices manual and carefully go over their instructions.
Stay safe online and off.
