This won’t come as any surprise to those of you who put tape over your laptop’s cameras, but Alexa might not be 100 percent secure. This week at the Def Con Hacking Conference in Las Vegas, researchers from the Chinese conglomerate Tencent Holdings disclosed that they were able to use a modified Amazon Echo to hack into another Echo running on the same network. The researchers were not only able to take full control over the secondary device but also silently record and transmit audio to a third party, essentially turning the smart speaker into great big bugging devices, as reported by Wired.
If you’re feeling the slightest bit paranoid right now, cool your jets. These white-hat hackers have already informed Amazon of the exploit and the company rolled out security fixes last month.
Researchers Wu Huiyu and Qian Wenxiang also explained that their technique involved far more than a straight-up remote hack, fortunately. First, they had to drastically modify a standard Echo by removing a flash memory chip, modify its firmware to get root access, and solder the chip back to the circuit board. Sure, this involves little more than a little engineering knowledge and some things from RadioShack but it’s still not something your average spy is likely to have on hand.
However, once they placed their rogue device on the same network as other Echo devices, they could use Amazon’s proprietary communication protocols plus some undiscovered Alexa interface flaws (address redirection, cross-site scripting, and web encryption downgrades) to gain full access over the device. They could, for a more banal example, play any sound they wanted to. Or, they could silently record and transmit every single sound in the room, including conversations in adjacent rooms.
When we extend the logic, that means that an espionage outfit could simply replace a single Amazon smart speaker in a hotel’s network and take complete command over every smart speaker on the network. Sleep tight.
“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” the hackers said in a statement to Wired. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker.”
In addition to noting that the Alexa interface flaws have been patched, Amazon stressed that this particular hack requires a malicious actor to take physical access over at least one device.
This is just the latest in a series of attempts to crack the smart speaker’s security platform. Last year, British hacker Mark Barnes was able to install malware on an Echo via metal contacts accessible under the speaker’s rubber base. The security firm Checkmarx also revealed a potentially dangerous security flaw earlier this year when it hacked Alexa’s recording function via malware on a seemingly innocuous calculator app.