Amazon Echo speakers turned into listening devices by expert Chinese hackers
Jeff Parsons, Monday 13 Aug 2018 4:00 pm
Millions of us have welcomed Alexa into our homes by purchasing one of Amazon’s Echo smart speakers.
The handy gadgets can be used for playing music, shopping and – on some models – even watching video clips.
But they can also be turned against you if a hacker is sufficiently motivated to crack through Amazon’s security and access the device’s microphone and recording ability.
A team of expert hackers from the Tencent corporation in China have demonstrated a worrying technique for turning Amazon’s Echo into a snooping device.
‘After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,’ a spokesperson for the company told Wired.
They revealed the fruits of their labour at the DefCon security conference on Sunday. But before you start panicking and scrambling to unplug your Echo, the team had already disclosed what they’d found to Amazon, which pushed out security fixes last month.
In a nutshell, the hackers took an Echo speaker apart to get hold of the flash memory chip inside. They then rewrote the firmware on the chip and soldered it back together. From there, they could use that Echo device to break into other Echo devices, providing they could get on the same WiFi network.
They then found a way to exploit software vulnerabilities that allowed ‘silent listening’ on these other Echo speakers.
The DefCon event is a good way for security specialists to stay informed about what is going on in the industry. But Amazon says there’s no need to panic.
‘Customer trust is important to us and we take security seriously,’ an Amazon spokesperson said.
‘This issue would have required a malicious actor to have physical access to a customer’s device and the ability to modify the device hardware.’
‘Customers do not need to take any action as their devices have been automatically updated with security fixes.’
Still, it does mean places with public smart speakers – like hotels or office blocks – may want to keep an eye out for security updates.