Elaborate hack turned Amazon Echo speakers into spies

Some people worry that hackers could infiltrate their smart speakers and spy on them, but that hasn’t been the practical reality — not for Amazon’s Echo, at least. A team of researchers from China’s Tencent has come about as close as you can get right now, however. They’ve disclosed an attack on the Echo that uses both a modified speaker and a string of Alexa web interface vulnerabilities to remotely eavesdrop on regular models. It sounds nefarious, but it requires more steps than would be viable for most intruders.

The team created a rogue Echo by removing a flash memory chip from the device, modifying its firmware to get root access, and soldering it back on its circuit board. After that, the group put the speaker on the same WiFi network as untouched Echos. The researchers used Amazon’s whole-home communication protocol plus the Alexa interface flaws (including address redirection, cross-site scripting and web encryption downgrades) to gain full control over victims’ speakers, including silent recording and playing any sound they like.

Amazon has already fixed the associated internet vulnerabilities. As it stands, the likelihood of a real-world attack was small. A would-be eavesdropper would have to know how to disassemble the Echo, identify (and connect to) a network with other Echos and chain multiple exploits. This would be most useful in hotels and other places where a hacker could both expect smart speakers and hang out without drawing too much attention. If there’s a larger concern, it’s that this demonstrates a snooping exploit is possible in the first place — no matter how unlikely it may be.

Via: Wired

Source: Def Con

Post Author: martin

Martin is an enthusiastic programmer, a web developer and a young entrepreneur. He has been interested in computers for a long time. At the age of 10 he programmed his first website, and he has been working on web technologies ever since. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially as the soul of the team, for whom he can do anything in the world.
