Amazon Echo Hack: Malware Attack Can Listen Through Microphone


Owners of the newest model of the Echo need not worry, as the 2017 version of the device is not vulnerable to the attack thanks to a modification to the hardware. His write-up goes on to describe how he was able to install his own rogue software on the device, create a "root shell" that gives him access over the internet to the hacked Echo, and to "finally remotely snoop on its 'always listening' microphones".

You can now control Fire TV and Fire TV Stick streamers by giving commands to an Amazon Echo or Amazon Echo Dot.

Following a full examination of the process running on the device and the associated scripts, MWR's researchers investigated how the audio media was being passed and buffered between the processes and the tools used to do so.

Barnes agrees that his work should serve as a warning that Echo devices bought from someone other than Amazon, like a secondhand seller, could be compromised. Behind the scenes though, the malware sends the raw microphone recordings to a remote server for an attacker to play back.

The attack relies on having physical access to the Echo and it requires quite a bit of work to execute.

"What this research highlights is the need for manufacturers to think about both the physical and digital security risks that the devices may be subjected to and mitigate them at the design and development stage", MWR InfoSecurity's Barnes continued.


Cyber security experts MWR Labs say the vulnerability exists because the device has "exposed debug pads" underneath its rubber base, which shows hackers how it loads. The process of linking the two Amazon devices sounds equally simple - just ask the Echo to perform an action with the Fire TV and it will initiate the pairing process.

From there, hackers would be able to boot directly into the firmware by attaching an SD card or install malware without leaving any actual physical traces.

But if they did succeed, they could build a small handheld device pre-loaded with malware which could exploit units within just a few minutes.

An Amazon spokesperson said: "Customer trust is very important to us. To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date". So, provided your device is safely ensconced in the confines of your home and you didn't birth the 15-year-old who hacked TalkTalk, you're likely to be physically out of reach from attackers.

Further recommendations from MWR are to use the Echo's mute button when sensitive information is being discussed, and to monitor network traffic for suspicious activity.
