A group of Chinese researchers have developed a new technique to hijack the Amazon Echo.
Since smart speakers were introduced in homes, they have been subjects to many software security issues. Now, a Chinese group has announced that it has figured out a way to bypass the security on one of Amazon's most popular gadgets by making use of its weaknesses to spy on regular models.
How To Compromise The Device
The crew made the hacked model by removing its flash memory chip and modifying its firmware. The compromised parts were then attached back to its original circuit board and connected to the same Wi-Fi network with the other unhacked devices.
The Chinese researchers used Amazon's whole-home communication protocol, which included Alexa's interface flaws in order to hack the victim's speakers. The move enabled them to record secretly and play any sound they please.
During the DefCon security conference on Aug. 12, researchers Qian Wenxiang and Wu Huiyu presented a method that connects a series of malware in the Echo to hack the devices and play audio from its microphone to a remote attacker while not making it obvious that the gadget has been compromised. Qian and Wu work for Tencent, a Chinese tech company.
"After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping," stated a description provided to Wired by the hackers.
The attackers added that when the privacy breach succeeds, they can control the Amazon Echo to be a silent spy by recording everything it hears
Chances Of Breach
However, Echo owners should not be afraid, as Amazon has made an effort to take care of its internet vulnerabilities and fix its security issues last July. In fact, the chance of an attack to users is little.
For someone to get access, it would require impressive hardware skills. Hackers need to disassemble the Echo and identify and connect to a network with other Echo speakers. This high degree of difficulty indicates that it would not be used against an average person who owns an Echo.
Moreover, the breach would be very likely in hotels and places where a hacker could both find smart speakers and stay without garnering unwanted attention.
This is not the first time people have discovered a way to hack the device. In May, Forbes reported that a team of researchers from Indiana University uncovered a technique called "voice squatting."