Incident: Data Vulnerability in Tesco Hudl Tablet Due to Processor Bug

Published Date: 2014-08-15

Postmortem Analysis
Timeline
1. The software failure incident involving the Tesco Hudl tablet happened in 2014 [29268].
2. The software failure incident involving Amazon's Echo Dot occurred in 2021 [116763].

System
1. Rockchip processor's firmware in Tesco's Hudl tablet [29268]
2. NAND-based flash memory in Amazon's Echo Dot [116763]

Responsible Organization
1. The bug in the Rockchip processor's firmware was responsible for causing the software failure incident on Tesco's Hudl tablet [29268].
2. The design flaw in the NAND-based flash memory used in Amazon's Echo Dot devices was responsible for causing the software failure incident [116763].

Impacted Organization
1. Users of Tesco's Hudl tablet [29268]
2. Users of Amazon's Echo Dot devices [116763]

Software Causes
1. A bug in the Rockchip processor’s firmware of the Tesco Hudl tablet [29268]
2. Data remaining on reset Amazon Echo Dot devices due to NAND flash memory design [116763]

Non-software Causes
1. Hardware bug in the Rockchip processor's firmware of Tesco's Hudl tablet [29268]
2. NAND-based flash memory design and data storage in Amazon's Echo Dot devices [116763]

Impacts
1. Personal data, including sensitive information such as unlock codes, Wi-Fi and site passwords, browsing history, and more, was left vulnerable and retrievable from second-hand Tesco Hudl tablets due to a bug in the Rockchip processor's firmware [29268].
2. Researchers found that Amazon Echo Dot devices, even after a factory reset, retained a wealth of sensitive data such as passwords, locations, authentication tokens, and more, making it relatively easy for someone with physical access to extract this information [116763].

Preventions
1. Implementing encryption on the user data partition to protect sensitive information stored on the device, making data extraction more difficult and costly [116763].
2. Ensuring that factory resets completely wipe out all sensitive data, including authentication tokens and Wi-Fi credentials, before reselling or disposing of the device [116763].
3. Conducting thorough testing and validation of the firmware and processor to identify and address any potential security vulnerabilities or bugs that could lead to data exposure [29268].
4. Providing clear guidance and instructions to users on how to securely wipe personal data from their devices before selling or disposing of them, including using data wiping software in addition to factory resets [29268].
5. Regularly updating the device's firmware and security protocols to address any newly discovered vulnerabilities and enhance data protection measures [116763].

Fixes
1. Implement encryption of the user data partition to protect sensitive information on devices like the Tesco Hudl tablet and Amazon Echo Dot [29268, 116763].
2. Ensure that factory resets on devices are effective in removing all personal data, including implementing proper procedures to differentiate between a Wi-Fi password reset and a factory reset [29268, 116763].
3. Develop firmware updates to encrypt user data or sensitive information on devices to make data extraction more difficult and costly [116763].
4. Educate users on the importance of securely wiping personal data before selling or disposing of devices [29268, 116763].
5. Conduct thorough testing and validation of reset procedures to ensure that personal data is completely removed from devices [29268, 116763].

References
1. Security researchers and the BBC [Article 29268]
2. Ken Munro, security expert at Pen Test Partners [Article 29268]
3. Avast researchers [Article 29268]
4. Google [Article 29268]
5. Northeastern University researchers [Article 116763]
6. Amazon spokesperson [Article 116763]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident related to data not being properly wiped from devices before resale has happened again at Tesco. The incident involved the Tesco Hudl tablet, where a bug in the Rockchip processor's firmware allowed personal data to be retrieved even after a factory reset [29268].
(b) The software failure incident related to data not being properly wiped from devices before resale has also happened at Amazon with its Echo Dot devices. Researchers found that even after a factory reset, sensitive data such as Wi-Fi credentials and Amazon account information remained on the devices, making it easy for someone with physical access to extract this information [116763].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the incident involving the Tesco Hudl tablet [29268]. The vulnerability in the tablet was attributed to a bug in its Rockchip processor’s firmware, which allowed security experts to read and write data stored on the device, including sensitive information like unlock codes, Wi-Fi passwords, and browsing history. This design flaw in the processor's firmware contributed to the failure of securely wiping personal data from the device, even after a factory reset was performed.
(b) The software failure incident related to the operation phase can be observed in the incident involving Amazon's Echo Dot [116763]. Researchers found that even after performing a factory reset on the Echo Dot devices, digital bits that remained on the reset devices could be reassembled to retrieve sensitive data such as passwords, locations, authentication tokens, and more. This indicates a failure in the operation or misuse of the system, where users may not have been fully aware of the potential risks of data retention even after a reset, leading to the exposure of personal information.

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident related to the Tesco Hudl tablet and Amazon's Echo Dot can be categorized as within_system failures. In the case of the Tesco Hudl tablet, the vulnerability was due to a bug in the tablet's Rockchip processor's firmware, which allowed security experts to read and write data stored on the device [29268]. Similarly, in the case of Amazon's Echo Dot, researchers found that even after a factory reset, sensitive data such as Wi-Fi credentials, previous owner's information, and connected devices' details remained on the device's flash memory, indicating a failure within the system to completely wipe out data [116763].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- In the incident involving the Tesco Hudl tablet [29268], a bug in the Rockchip processor’s firmware was identified as the vulnerability that allowed data retrieval from second-hand devices. This bug in the processor's firmware was a non-human factor that contributed to the software failure incident.
(b) The software failure incident occurring due to human actions:
- In the incident involving Amazon's Echo Dot [116763], researchers found that even after a factory reset, sensitive data remained on the reset devices, including passwords, locations, authentication tokens, and more. This indicates that the failure to completely wipe the data during the reset process was a contributing factor introduced by human actions.

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident occurring due to hardware:
- In the incident involving the Tesco Hudl tablet, a bug in the Rockchip processor's firmware was identified as the vulnerability that allowed security experts to read and write data stored on the device [29268].
- Researchers examining Amazon Echo Dot devices found that even after a factory reset, sensitive data such as Wi-Fi credentials and previous owner information remained on the NAND flash memory of the devices, indicating a hardware-related issue in securely wiping data [116763].
(b) The software failure incident occurring due to software:
- The incident with the Tesco Hudl tablet highlighted a software bug in the Rockchip processor's firmware as the root cause of the vulnerability that allowed data retrieval [29268].
- Researchers discovered that the software reset process on Amazon Echo Dot devices did not completely erase sensitive data from the NAND flash memory, indicating a software-related failure in the reset mechanism [116763].

Category: Objective (Malicious/Non-malicious)
Option: malicious, non-malicious
Rationale:
(a) The software failure incident reported in the articles is related to a malicious objective. The incidents involved security researchers discovering vulnerabilities in devices such as Tesco's Hudl tablet and Amazon's Echo Dot that allowed for the retrieval of sensitive data even after a factory reset. For example, in the case of the Tesco Hudl tablet, a bug in the Rockchip processor's firmware allowed for the extraction of data like unlock codes, Wi-Fi passwords, and browsing history [29268]. Similarly, researchers found that used Echo Dots could still contain sensitive information such as Wi-Fi credentials, Amazon account details, and information about connected devices even after a factory reset [116763].
(b) The incidents were non-malicious in the sense that the vulnerabilities were not intentionally introduced to harm the system but rather stemmed from flaws in the devices' design or firmware. For instance, the vulnerability in the Rockchip processor's firmware of the Tesco Hudl tablet was exploited by security researchers to access data, indicating a flaw in the device's security measures [29268]. Similarly, the researchers who examined the Echo Dot devices found that the data remaining on reset devices was due to the way NAND-based flash memory handles deleted data, highlighting a design issue rather than a deliberate act to compromise security [116763].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The software failure incident related to the Tesco Hudl tablet and Amazon's Echo Dot can be attributed to poor decisions made in the design and implementation of the devices' factory reset processes. In both cases, researchers discovered that even after performing a factory reset on the devices, sensitive data such as passwords, Wi-Fi credentials, and personal information remained accessible to potential attackers [29268, 116763]. This indicates that the decision to not completely wipe the data during a factory reset, leaving behind remnants that could be exploited, was a poor decision that led to the software failure incidents.

Category: Capability (Incompetence/Accidental)
Option: development_incompetence
Rationale:
(a) The software failure incident related to development incompetence can be seen in the case of the Tesco Hudl tablet. The incident was caused by a bug in the tablet's Rockchip processor's firmware, which allowed security researchers to retrieve sensitive data even after a factory reset was performed. This bug in the firmware was a result of a lack of professional competence in ensuring data security and proper data wiping procedures [29268].
(b) The software failure incident related to accidental factors can be observed in the case of Amazon's Echo Dot devices. Researchers found that even after performing a factory reset on these devices, digital bits that remained on the reset devices could be reassembled to retrieve sensitive data accidentally left behind by the previous owners. This accidental oversight in data wiping procedures led to the exposure of passwords, locations, authentication tokens, and other sensitive information [116763].

Category: Duration
Option: permanent
Rationale:
(a) The software failure incident described in the articles is more aligned with a permanent failure. In both articles, it is highlighted that even after performing a factory reset on devices such as Tesco's Hudl tablet and Amazon's Echo Dot, sensitive data including passwords, Wi-Fi credentials, and other personal information remained accessible to researchers who were able to extract this data from the devices [29268, 116763]. This indicates a fundamental flaw in the software or firmware of these devices that allows data to persist even after supposed data wiping procedures, making the failure more permanent in nature.

Category: Behaviour
Option: omission, value, other
Rationale:
(a) crash: The articles do not mention any instances of a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The software failure incident related to omission is evident in both articles. In Article 29268, it is mentioned that a bug in the processor of Tesco's Hudl tablet left private data at risk, and even after a factory reset, deleted data could still be retrieved, indicating an omission in fully wiping out the data. In Article 116763, researchers found that 61% of used Amazon Echo Dot devices bought had not been factory reset, leading to the omission of removing sensitive data like Wi-Fi passwords, account credentials, and device information.
(c) timing: The articles do not mention any instances of a timing failure where the system performs its intended functions too late or too early.
(d) value: The software failure incident related to value is seen in both articles. In Article 29268, it is highlighted that personal data was not fully wiped from second-hand Tesco Hudl tablets, indicating a failure in performing the intended function of data deletion. In Article 116763, researchers were able to extract sensitive data like Wi-Fi credentials, account information, and device details from reset Amazon Echo Dot devices, showcasing a failure in maintaining the value of user privacy and security.
(e) byzantine: The articles do not mention any instances of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The other behavior observed in the software failure incidents is related to security vulnerabilities. Both articles discuss how security flaws in the devices' processors or firmware led to the exposure of sensitive data, indicating a failure in ensuring robust security measures to protect user information.

IoT System Layer

Layer: Perception
Option: sensor, processing_unit, network_communication, embedded_software
Rationale:
(a) sensor: Failure due to contributing factors introduced by sensor error:
- Article 29268 mentions a bug in the Rockchip processor's firmware of Tesco's Hudl tablet, which led to vulnerabilities allowing the retrieval of sensitive data like unlock codes, passwords, and browsing history. This bug in the processor's firmware can be considered a sensor error as it relates to the hardware component responsible for sensing and processing data [29268].
(b) actuator: Failure due to contributing factors introduced by actuator error:
- There is no specific mention of an actuator error in the provided articles.
(c) processing_unit: Failure due to contributing factors introduced by processing error:
- The incident in Article 29268 involves a bug in the Rockchip processor's firmware of Tesco's Hudl tablet, which allowed the retrieval of sensitive data. This bug in the processor's firmware can be considered a processing error as it relates to the processing unit of the device [29268].
(d) network_communication: Failure due to contributing factors introduced by network communication error:
- Article 116763 discusses how researchers were able to extract sensitive information from Amazon Echo Dot devices, including Wi-Fi credentials and location data, even after a factory reset. This extraction of data highlights a potential network communication error where data was not securely transmitted or stored, leading to a breach of sensitive information [116763].
(e) embedded_software: Failure due to contributing factors introduced by embedded software error:
- Both articles discuss vulnerabilities and flaws in the firmware or software of the devices. Article 29268 mentions a bug in the Rockchip processor's firmware of Tesco's Hudl tablet, while Article 116763 talks about how researchers were able to extract sensitive data from Amazon Echo Dot devices due to data remaining on reset devices. These incidents point to errors in the embedded software or firmware of the devices, leading to security vulnerabilities and data exposure [29268, 116763].

Layer: Communication
Option: unknown
Rationale:
The software failure incident reported in the articles does not directly relate to a failure at the communication layer of the cyber-physical system. Instead, the incidents discussed in the articles focus on security vulnerabilities and data privacy issues related to the improper handling of data on devices such as Tesco's Hudl tablet and Amazon's Echo Dot. The failures discussed are more related to data security, privacy, and the effectiveness of factory resets in removing personal data from devices, rather than failures at the communication layer of a cyber-physical system.

Layer: Application
Option: FALSE
Rationale:
The software failure incidents described in the provided articles do not directly relate to the application layer of the cyber-physical system failing due to bugs, operating system errors, unhandled exceptions, or incorrect usage. The incidents discussed in the articles primarily focus on security vulnerabilities and data privacy issues related to the improper handling of data on devices like Tesco's Hudl tablet and Amazon's Echo Dot. Therefore, the specific failure related to the application layer as defined in the question is unknown based on the information provided in the articles.

Other Details

Category: Consequence
Option: property, non-human, theoretical_consequence, other
Rationale:
(a) death: There is no mention of any deaths resulting from the software failure incidents in the provided articles.
(b) harm: The articles do not mention any physical harm caused to individuals due to the software failure incidents.
(c) basic: The articles do not indicate any impact on people's access to food or shelter due to the software failure incidents.
(d) property: The software failure incidents resulted in the exposure of sensitive personal data, including passwords, browsing history, and other information, which could potentially lead to harm or misuse of individuals' data [29268, 116763].
(e) delay: There is no mention of any activities being postponed due to the software failure incidents.
(f) non-human: The software failure incidents primarily impacted electronic devices such as tablets and IoT devices, rather than non-human entities.
(g) no_consequence: The software failure incidents had real observed consequences, particularly in terms of data exposure and privacy risks [29268, 116763].
(h) theoretical_consequence: The articles discuss potential consequences of the software failure incidents, such as the risk of sensitive data exposure and unauthorized access to personal information [29268, 116763].
(i) other: The software failure incidents highlighted the importance of properly wiping personal data from devices before resale or disposal to prevent data exposure and privacy breaches [29268, 116763].

Category: Domain
Option: health
Rationale:
The software failure incident reported in the articles is related to the industry of (j) health. The incidents involved vulnerabilities in devices such as Tesco's Hudl tablet and Amazon's Echo Dot, which could lead to the exposure of sensitive data like passwords, Wi-Fi credentials, and personal information of users. These security flaws in the devices could potentially compromise the privacy and security of individuals using them in various contexts, including healthcare, health insurance, and related industries [29268, 116763].
