It's hard not to be drawn into the convience of internet-connected hardware, from automating lighting in your house, to alarm systems, to getting advertisements on your fridge (maybe that one we could pass on). But all of these devices need network credentials, and often they have other user data stored on them. What happens when we throw them away? Does the "factory reset" function actually wipe our data? What if they break before we even get to do that? This talk looks at a wide variety of devices, from cheap IoT devices to widely deployed access points, and shows that credentials are often stored in a way allowing simple extraction. The talk also shows how you can use low-cost tools to check this yourself, and even wipe data on devices which are no longer functional or for which the manufacturer does not provide sufficient security. Results and tools are posted to an open-source repository to help end users evaluate specific devices themselves, and take control of their digital trash.
