Amazon Echo Hack: Malware Attack Can Listen Through Microphone

Share

Owners of the newest model of the Echo need not worry, as the 2017 version of the device is not vulnerable to the attack thanks to a modification to the hardware. His write-up goes on to describe how he was able to install his own rogue software on the device, create a "root shell" that gives him access over the internet to the hacked Echo, and to "finally remotely snoop on its "always listening" microphones".

You can now control Fire TV and Fire TV Stick streamers by giving commands to an Amazon Echo or Amazon Echo Dot.

Following a full examination of the process running on the device and the associated scripts, MWR's researchers investigated how the audio media was being passed and buffered between the processes and the tools used to do so.

Barnes agrees that his work should serve as a warning that Echo devices bought from someone other than Amazon-like a secondhand seller-could be compromised. Behind the scenes though, the malware sends the raw microphone recordings to a remote server for an attacker to play back.

MTV's 'Siesta Key' premiere party canceled after show, star receive backlash
On the other side of the argument, some said the show would bring a needed new perspective to the Key , and an economic boost. Siesta Beach residents were concerned about the effect the show would have on the community earlier this month.

The attack relies on having physical access to the Echo and it requires quite a bit of work to execute.

"What this research highlights is the need for manufacturers to think about both the physical and digital security risks that the devices may be subjected too and mitigate them at the design and development stage", MWR InfoSecurity's Barnes continued.

Cyber security experts MWR Labs say the vulnerability is because the device has "exposed debug pads" underneath its rubber base, which shows hackers how it loads. The process of linking the two Amazon devices sounds equally simple - just ask the Echo to perform an action with the Fire TV and it will initiate the pairing process.

From there, hackers would be able to boot directly into the firmware by attaching an SD card or install malware without leaving any actual physical traces.

Republican Senator Jeff Flake Accuses GOP of 'Unnerving Silence' Under President Trump
In the halls of the Senate on Tuesday, however, it didn't seem as if Flake's message was being heeded. "That would be a mistake. Flake made a point to reference civility in his book. "If this was our Faustian bargain, then it was not worth it".

But if they did succeed, they could build a small handheld device pre-loaded with malware which could exploit units within just a few minutes.

An Amazon spokesperson said: "Customer trust is very important to us. To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date". So, provided your device is safely ensconced in the confines of your home and you didn't birth the 15-year-old who hacked Talk-Talk, you're likely to be physically out of reach from attackers.

Further recommendations from MWR are to use the Echo's mute button when sensitive information is being discussed, and to monitor network traffic for suspicious activity.

Illinois governor vetoes public school money
Rauner used his amendatory veto powers Tuesday to rewrite a bill that overhauls how the state distributes money to schools. No Illinois school has reported that it'll be unable to open on time, according to the Illinois State Board of Education.

Share