Some people worry that hackers could infiltrate their smart speakers and spy on them, but that hasn’t been the practical reality — not for Amazon’s Echo, at least. A team of researchers from China’s Tencent has come about as close as you can get right now, however. They’ve disclosed an attack on the Echo that uses both a modified speaker and a string of Alexa web interface vulnerabilities to remotely eavesdrop on regular models. It sounds nefarious, but it requires more steps than would be viable for most intruders.
The team created a rogue Echo by removing a flash memory chip from the device, modifying its firmware to get root access, and soldering it back on its circuit board. After that, the group put the speaker on the same WiFi network as untouched Echos. The researchers used Amazon’s whole-home communication protocol plus the Alexa interface flaws (including address redirection, cross-site scripting and web encryption downgrades) to gain full control over victims’ speakers, including silent recording and playing any sound they like.
Amazon has already fixed the associated internet vulnerabilities. Even before that, the likelihood of a real-world attack was small. A would-be eavesdropper would have to know how to disassemble the Echo, identify (and connect to) a network with other Echos and chain multiple exploits. This would be most useful in hotels and other places where a hacker could both expect smart speakers and hang out without drawing too much attention. If there’s a larger concern, it’s that this demonstrates a snooping exploit is possible in the first place, no matter how unlikely it may be.
Source: Def Con