DEF CON Update: Researchers Find A Method To Turn Amazon Echo Into A Spy

The Amazon Echo is generally the first name which comes to mind when you think of a smart home speaker device. While the Echo has made it into a lot of homes, the security community has seen them as the primary target for invading user’s privacy. Although no Amazon Echo malware has been seen in the wild and there aren’t any even working proof-of-concept attacks, no device is 100% secure. A group of Chinese hackers have spent months coming up with a new method to hijack the voice assistant.

Is the Method Working Perfectly?

The method is not full blown remote take over, but it is the closest thing so far to a practical demo of how these devices can be used to spy on people.

Security Researchers named Wu Hui Yu and Qian Wenxiang presented an exploit that will compromise Amazon’s Second-Gen Echo and allow for streaming audio from its microphone without the user knowing the device has been compromised.

I Have An Amazon Echo Device – Should I Be Worried?

Owners of the Echo devices don’t need to be panic as the hackers have already brought it to the attention of Amazon. The company also have pushed security patches out in July 2018. The hack requires serious hardware skills and also access to the Amazon Echo’s Wi-Fi network. The researchers made the following comments:

“After several months of investigation, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” reads a report of their work provided to WIRED by the hackers, who work on the Blade team of security researchers at Chinese tech giant Tencent. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker.”

Limitations Of The Vulnerability

One of the requirements of the vulnerability is that the victim and the hacker need to be present on the same WiFi network. When asked about Echo’s security:

A truly remote Echo hack wouldn’t be easy, says Jake Williams, a former member of the NSA’s elite hacking team Tailored Access Operations.

Amazon has also responded saying that all the Echo devices have been updated with the latest firmware already and the vulnerabilities have been fixed. However with smart home speakers now becoming the norm with increased focus from researchers in the area and concern from governments regarding privacy we’re sure this isn’t the last vulnerability that will come to light.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients