Smart speakers are growing in popularity, but in addition to providing a level of convenience to home consumers, they can potentially act as another point of entry for hackers and cyber criminals. To demonstrate this, researchers Wu Huiyu and Qian Wenxiang demonstrated at DefCon 2018 a technique for hacking Amazon’s second-generation Echo speaker that allows an attacker to spy on the speaker’s owner.
The hackers spent month developing the technique. On the bright side, they have only managed to intercept the microphone rather than take complete control of the speaker, the latter of which could open the door to hacking an entire home network—speakers like the Echo tap into smart home devices, including door locks and security systems.
What they were able to accomplish, however, is a series of attacks to ultimately compromise a speaker that is considered fairly secure.
“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” reads a description of their work provided to WIRED by the hackers. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.”
The method of attack is not exactly simple, though. It required acquiring and physically modifying an Echo speaker by removing the embedded flash chip so the hackers could write their own custom firmware to it, and then soldering it back into place. Once modified, the Echo smart speaker acted as a malicious tool for hacking other Echo speakers.
Even then, there are hoops to jump through. The modified Echo has to be on the same Wi-Fi network as the target speaker. If an attacker can accomplish all that, they can then leverage a series of web exploits in the Alexa interface, including cross-site scripting, URL redirection, and HTTPS downgrade attacks.
There is no reason to be worried about this specific method being used in the wild. The researchers presented their findings to Amazon, which in turn has already pushed out fixes to patch the security holes that made this type of attack possible.
What the attack does demonstrate, however, is that persistent hackers can find ways of attacking Internet-connected speakers like the Echo, even if the methods require a lot of work.
Top Image Source: Flickr via Shinji