Chinese hackers have figured out a way to make your Amazon Echo spy on you
Where there’s a will, there’s a way.
For obvious reasons, concerns regarding our personal privacy have surrounded the use of voice-controlled smart devices like the Amazon Echo and Google Home dating back to their inception. Given how easily the government can already spy on us through our phones and tablets, it’s pretty easy to see the security issues that could come when these devices are compromised.
And now, a group of Chinese hackers has unveiled that — with enough time and a little elbow grease — turning the Echo into a home spy tool is entirely achievable.
Researchers Wu Huiyu and Qian Wenxiang laid out such a plan at the DefCon security conference on Sunday, presenting “a technique that chains together a series of bugs in Amazon’s second-generation Echo to take over the devices, and stream audio from its microphone to a remote attacker, while offering no clue to the user that the device has been compromised,” according to Wired.
After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping. When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.
It’s only the latest example of the Echo’s vulnerability, unfortunately. Just a few months ago, one such device recorded a Portland, Oregon family’s conversation and sent it to a random contact thanks to what Amazon later described as a “series of misunderstandings.” While tech companies like Amazon and Google are seemingly doing everything within their power to ensure that mistakes like this don’t happen, this latest revelation truly drives home that no voice assistant is hack-proof yet.
Luckily, there’s good news to be found here. For starters, the degree of difficulty required to pull this particular hack off lies far beyond that of the average tech enthusiast (it involves dismantling an Echo, altering the firmware on its flash chip, and then linking the altered Echo to the same WiFi network as the Echo you’re trying to attack), making it highly unlikely to be carried out en masse.
Furthermore, the findings presented by Huiyu and Wenxiang at DefCon have already been reported to Amazon, which began rolling out security updates at the end of July.
So we’re safe for now, but maybe consider unplugging your Echo the next time you start discussing government conspiracies with your friends. You know, just to be safe.
What do you think? Do you think that these devices need a lot more safeguards before entering the home? Let us know in the comments below.
For more tech and security news, make sure to check out:
- The Snap Pro security camera offers portability and a 180-degree field of view
- Google joins the brick and mortar rebirth with a massive retail location in Chicago
- To kick off Gamescom, Nintendo released and announced some new indie games for the Switch