Hacking An Amazon Echo Is Easier Than It Should Be

The conspiracy theorists may be right this time: Cybercriminals could use the Amazon Echo to spy on them. A British security researcher demonstrated how he — or anyone — could install malware on an older Echo device (sold before 2017) to stream audio from the hacked device to his remote server. The data security flaw has been addressed in more recent versions of the Amazon Echo, Amazon told Wired in a news report.

While hacking the Echo was relatively simple, it did require the researcher — one Mark Barnes of U.K.-based MWR Labs — to have physical access to the device at some point, so customers using the Echo at home probably don’t need to worry.

However, as an increasing number of hotels and offices deploy the Echo as a tool for convenience, the issue does raise some cybersecurity concerns. Installing the wiretap could be done without leaving a single trace, and there is no software fix to prevent a cyberattack within the code of the older Echoes.

Barnes gained access to the Echo’s inner workings by peeling off the rubber bottom and soldering in connections of his own — one to his computer, the other to an SD card containing a “bootloader” that told the device to boot its own operating system without running the standard authentication measures.

Once a hacker gains access to the inner workings of an Echo, he could use it to attack other parts of the network, said Barnes — stealing access to the owner’s Amazon account, installing ransomware or a slew of other nefarious cybercriminal activities.

Amazon said that customers should always buy devices directly from Amazon or a trusted retailer, because devices sold by a secondhand seller could be compromised by a hacker. The company also urges user to keep their software up to date to protect against cyber attacks and known data security flaws, although this particular wiretap flaw stems from a hardware vulnerability and could not be remedied by a software patch.

Barnes offered a simpler cybersecurity solution: If you’re in a hotel room with an Echo that isn’t yours, you’re better safe than sorry: “Just turn it off.”



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment