Amazon Echo (often shortened to Echo) is a smart speaker developed by Amazon.com. The device consists of a 9.25-inch (23.5 cm) tall cylindrical speaker with a seven-piece microphone array.
Mark Barnes, a security researcher at MWR Labs, has discovered that Amazon’s Echo smart speaker is vulnerable to a physical attack that enables an attacker to get a root shell on the underlying Linux operating system and install malware without leaving physical evidence of the hack.
Attackers can gain persistent remote access to the device, steal customer authentication tokens, and stream live microphone audio to remote services without altering the functionality of the device.
“Rooting an Amazon Echo was trivial; however, it does require physical access, which is a major limitation. However, product developers should not take it for granted that their customers won’t expose their devices to uncontrolled environments such as hotel rooms.”
Amazon has fixed the security flaw Barnes exploited in its most recent version of the Echo.
“This vulnerability has been confirmed on the 2015 and 2016 edition of the Amazon Echo; however, the 2017 edition is not vulnerable to this physical attack.”
To tell whether a device is affected, check the original packaging: a 2017 copyright and a device model number ending in 02 identify the 2017 edition, which is not vulnerable to this attack.