The Amazon Echo is vulnerable!


Amazon Echo (often shortened to Echo) is a smart speaker developed by Amazon.com. The device consists of a 9.25 inch (23.5 cm) tall cylinder speaker with a seven-piece microphone array.

Mark Barnes (security researcher at MWR Labs) has discovered that Amazon’s Echo smart speaker is vulnerable to a physical attack that enables an attacker to get a root shell on the underlying Linux operating system and install malware without leaving physical evidence of the hack.

Attackers can gain persistent remote access to the device, steal customer authentication tokens, and stream live microphone audio to remote services without altering the functionality of the device.

“Rooting an Amazon Echo was trivial however it does require physical access which is a major limitation. However, product developers should not take it for granted that their customers won’t expose their devices to uncontrolled environments such as hotel rooms.”

Amazon has fixed the security flaw Barnes exploited in its most recent version of the Echo.

“This vulnerability has been confirmed on the 2015 and 2016 edition of the Amazon Echo however the 2017 edition is not vulnerable to this physical attack.”

To tell whether a device is affected, check the original packaging for a 2017 copyright and a device model number ending in 02; these mark the 2017 edition, which is not vulnerable.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
