In a piece called “Alexa, are you listening?”, security expert Mark Barnes explains that there could be a vulnerability in the Amazon Echo that means it can be turned into a covert microphone that could be used for nefarious purposes.
Barnes writes in the article: “The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering. Such malware could grant an attacker persistent remote access to the device, steal customer authentication tokens, and the ability to stream live microphone audio to remote services without altering the functionality of the device.”
The article goes on to explain (in mostly technical detail) exactly how this can be done. The immediate reaction is that to ‘hack’ the device in this way you do need physical access to the Echo device. Rather like in spy movies, it’s almost like planting a ‘bug’ in the lampshade. Barnes explains: “Rooting an Amazon Echo was trivial however it does require physical access which is a major limitation. However, product developers should not take it for granted that their customers won’t expose their devices to uncontrolled environments such as hotel rooms.” Perhaps, too, it shouldn’t be taken for granted that all homes are entirely secure. This could be a vulnerability used very easily for pranks and spying in shared houses, or even by people of the same household.
At heart, though, this speaks to the changes and challenges that whizzy and fairly futuristic technology can bring to everyday life. There are all sorts of ways that being able to turn the Echo into a microphone could be used: from practical jokes to espionage. It will be interesting to see the extent to which future models of the Echo deal with the findings of Mr Barnes.
One Response
That’s not even a question. If it’s possible to hack NASA / the NSA / the CIA / the Pentagon et al., then it’s possible to hack your internet-enabled speaker.
The question is: has it happened yet? The answer is yes.