2 min read

Hackers could install malware on your Amazon Echo to secretly 'wiretap' you

Graham CLULEY

August 01, 2017

Hackers could install malware on your Amazon Echo to secretly 'wiretap' you

Security researchers have discovered that the Amazon Echo is vulnerable to attacks that could allow a hacker to install malware capable of secretly spying on the device’s microphone to hear what is being said in its vicinity.

In a technical blog post, researchers at MWR have described how they were able to exploit hardware design choices in the 2015 and 2016 editions of Amazon’s Echo home assistant to turn it into a covert listening device.

Conveniently for any attacker attempting to spy on a target without their permission, the attack does not affect the Amazon Echo’s overall functionality – meaning that to the victim the device will appear to be working sas normal.

Less conveniently for any wannabe snoop, the attack requires physical access to the device: the rubber base of the Amazon Echo must be removed tio expose debug pads, allowing the device to be booted from an external SD card.

If an attacker manages to gain access to an Amazon Echo of interest they can directly boot into the device’s firmware from an external SD card, gain remote root shell access and install malware that remotely snoops on the ‘always listening’ microphones.

 

Your first defence, of course, is that this attack is only possible through physical access to the device. An Amazon Echo in your home is less likely to be targeted by a hacker than an Amazon Echo in a public area or shared space.

With some hotels equipping all their hotel rooms with their very own Amazon Echo, it’s clear that the privacy concerns are not merely theoretical.

And even home owners may be at risk too, as it’s conceivable that a jealous partner might implant malware on your Amazon Echo to keep tabs on you after you have kicked them out of your life. It would also perhaps to be wise to consider that there is also a risk if you purchase a second-hand Amazon Echo.

There is some good news for concerned Amazon Echo users. According to the researchers, the vulnerability has been confirmed on the 2015 and 2016 edition of the Amazon Echo, but is not present on the 2017 edition. A change implemented by Amazon in the latest edition of its Echo device has effectively prevented external booting.

According to researchers, you can easily verify if your Amazon Echo device is protected against the vulnerability by examining the device’s model number and copyright message (if you’re lucky you’ll see a device model number ending in 02).

Furthermore, the Amazon Echo does come with a physical “mute” button that disables the microphone, and cannot be subverted by changes to the software. However, one has to wonder how frequently the typical Amazon Echo user makes use of such functionality.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New Malware Campaign Targets Linux and Web Apps to Install Crypto-Mining Software New Malware Campaign Targets Linux and Web Apps to Install Crypto-Mining Software
Silviu STAHIE

September 23, 2021

1 min read
What Is a VPN, How Does It Protect Me, and What Cool Perks Does it Offer? What Is a VPN, How Does It Protect Me, and What Cool Perks Does it Offer?
Filip TRUȚĂ

September 23, 2021

2 min read
Security Researcher Publishes Lock Screen Bypass for iOS 15 on Launch Day Security Researcher Publishes Lock Screen Bypass for iOS 15 on Launch Day
Silviu STAHIE

September 22, 2021

1 min read