Amazon Echo Show 5 Hacked by Researchers, Earning them $60,000

A couple of security researchers figured out a way to hack the Amazon Echo Show 5 and seize complete control, earning them a prize of $60,000.

On the first day of Pwn2Own Tokyo 2019, researchers from the Fluoroacetate team hacked the personal assistant using an integer overflow in JavaScript.

“The Fluoroacetate duo returned for our first ever attempt in the Home Automation category,” said the organizers of Pwn2Own Tokyo 2019. “They chose the Amazon Echo Show 5 for their target, and with the device in an RF enclosure to ensure no outside interference, they used an integer overflow in JavaScript to compromise the device and take control. This exploit earned them $60,000.”

The compromise of personal assistants such as the Amazon Echo Show 5 and Google Home is a much more significant problem than it might seem at first glance. Many people choose to control other devices in their smart home by using the assistant as a central hub.

It’s fun to order Netflix to play a movie or to turn off the light without getting out of bed. And how about connecting the door lock to the same smart system? Now imagine that your Amazon Echo Show 5 is susceptible to hacks. Suddenly, a whole lot of other devices in the same network become exposed.

Amazon is usually quick to address such vulnerabilities, and this problem will likely be fixed soon. This is why public hacking events are needed — they expose security issues before cybercriminals can exploit them.

One comment

  • By Steph

    Wait, what? The devices use JavaScript? Dang, that was an easy 60k. Hardly any browsers support JavaScript because of unresolved vulnerability and here we have a state of the art IoT device running that. (insert Homer Simpson saying “DOH!!!”)
