Amazon

Hacking An Amazon Echo Is Easier Than It Should Be

The conspiracy theorists may be right this time: Cybercriminals could use the Amazon Echo to spy on them. A British security researcher demonstrated how he — or anyone — could install malware on an older Echo device (sold before 2017) to stream audio from the hacked device to his remote server. The data security flaw has been addressed in more recent versions of the Amazon Echo, Amazon told Wired in a news report.

While hacking the Echo was relatively simple, it did require the researcher — one Mark Barnes of U.K.-based MWR Labs — to have physical access to the device at some point, so customers using the Echo at home probably don’t need to worry.

However, as an increasing number of hotels and offices deploy the Echo as a tool for convenience, the issue does raise some cybersecurity concerns. Installing the wiretap could be done without leaving a single trace, and there is no software fix to prevent a cyberattack within the code of the older Echoes.

Barnes gained access to the Echo’s inner workings by peeling off the rubber bottom and soldering in connections of his own — one to his computer, the other to an SD card containing a “bootloader” that told the device to boot its own operating system without running the standard authentication measures.

Once a hacker gains access to the inner workings of an Echo, he could use it to attack other parts of the network, said Barnes — stealing access to the owner’s Amazon account, installing ransomware or a slew of other nefarious cybercriminal activities.

Amazon said that customers should always buy devices directly from Amazon or a trusted retailer, because devices sold by a secondhand seller could be compromised by a hacker. The company also urges user to keep their software up to date to protect against cyber attacks and known data security flaws, although this particular wiretap flaw stems from a hardware vulnerability and could not be remedied by a software patch.

Barnes offered a simpler cybersecurity solution: If you’re in a hotel room with an Echo that isn’t yours, you’re better safe than sorry: “Just turn it off.”

——————————–

Latest Insights: 

The Which Apps Do They Want Study analyzes survey data collected from 1,045 American consumers to learn how they use merchant apps to enhance in-store shopping experiences, and their interest in downloading more in the future. Our research covered consumers’ usage of in-app features like loyalty and rewards offerings and in-store navigation, helping to assess how merchants can design apps to distinguish themselves from competitors.

Click to comment

TRENDING RIGHT NOW

To Top