- May 17, 2017
Do you own an Amazon Echo?
So are you also worried about hackers turning out your device into a covert listening device?
Just relax, if there's no NSA, no CIA or none of your above-skilled friends after you.
Since yesterday there have been several reports on Amazon Echo hack that could allow a hacker to turn your smart speaker into a covert listening device, but users don’t need to worry because the hack is not simple, requires physical access to the device and does not work on all devices, as well.
Amazon Echo is an always-listening voice-activated smart home speaker that is designed to play music, set alarms, answer questions via the Alexa voice assistant, and control connected smart home devices like WeMo, Hive and Nest.
Hack Turns Amazon Echo Into Spying Device (But It's Complex)
Now researchers from MWR InfoSecurity have demonstrated a hack, showing how hackers can exploit a vulnerability in some models of Amazon Echo to turn them into covert listening devices that can secretly record your most intimate moments.
But the hack is not simple and has some significant limitations:
- The first major limitation of the Amazon Echo hack is that it does involve the hacker being able to gain physical access to the device, though, according to researchers, it is possible to tamper with the Echo without leaving any traces behind.
- The second limitation is that the Amazon Echo hack works only against older models, as the vulnerability discovered by MWR researchers only affects the 2015 and 2016 versions of the AI-powered speaker.
- Another major limitation to carry out this hack is that the attacker should be above average skills in Linux as well as embedded hardware systems.
In short, it is a very sophisticated hack that first requires James Bond to bypass all CCTV cameras, if you have, to stealthily gain physical access to your premises, and then at least 30 minutes spare time with the Amazon Echo to install the malware without leaving any traces of tampering.
In another scenario, as described by the researchers, your house cleaner or maid who has access to your device could also perform this attack, so the researchers dubbed the attack as "evil maid."
However, the 'evil maid' attack is not as impressive as it sounds because in such highly targeted scenario one can simply implant bugging devices with less effort, knowledge and time.
Hacking Amazon Echo: How It Works?
In order to carry out the evil maid hack, MWR Labs security researcher Mark Barnes first removed the Echo's rubber base on the bottom, which allowed them to access 18 debug "pads" Amazon engineers rely on to carry out various diagnostics.
Barnes then directly booted into the actual firmware of the device via an external SD card. From there, he was able to install persistent malware without leaving any physical traces of tampering with the device.
The malware then allowed the researcher to gain remote root shell access of the device, and ultimately access to the 'always listening' microphones.
"Once we'd root we examined the processes running on the device and the scripts that spawn these processes," Barnes wrote. "We were able to understand how audio media is being passed and buffered between processes and the tools that are used to create and interact with these audio buffers."Barnes said his team then developed scripts that leveraged tools embedded on the Amazon Echo to continuously stream the raw microphone audio over TCP/IP to a remote server without affecting the actual functionality of the device itself.
This eventually means that hackers, at least theoretically, can covertly monitor and listen in on users conversations and steal private data without their permission or even realisation.
"The rooting of the Amazon Echo device in itself was trivial; however, it raises a number of important questions for manufacturers of Internet enabled or 'Smart Home' devices," Barnes added.The researcher warned users from buying smart speakers from third-party retailers, along with advising them to push the Echo's mute button to disable the microphone physically.
In response to the MWR's findings, Amazon released a statement saying the best way for users to protect themselves from such tamperings is always to buy the Echo from the company directly.
"Customer trust is very important to us. To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date," the company said.Users owning 2017 models of the device are not affected by this latest hack, as the new models introduced a mitigation that joins two of the crucial debugging pads in a way that prevents the device from external booting.