Hackers Can Turn Amazon Echo Into a Covert Listening Device (helpnetsecurity.com)
Orome1 shares a report from Help Net Security: New research released by MWR InfoSecurity reveals how attackers can compromise the Amazon Echo and turn it into a covert listening device, without affecting its overall functionality. Found to be susceptible to a physical attack, which allows an attacker to gain a root shell on the Linux Operating Systems and install malware, the Amazon Echo would enable hackers to covertly monitor and listen in on users and steal private data without their permission or knowledge. By removing the rubber base at the bottom of the Amazon Echo, the research team could access the 18 debug pads and directly boot into the firmware of the device, via an external SD card, and install persistent malware without leaving any physical evidence of tampering. This gained them remote root shell access and enabled them to access the "always listening" microphones. Following a full examination of the process running on the device and the associated scripts, MWR's researchers investigated how the audio media was being passed and buffered between the processes and the tools used to do so. Then they developed scripts that leveraged tools embedded on the device to stream the microphone audio to a remote server without affecting the functionality of the device itself. The raw data was then sampled via a remote device, where a decision could then be made as to play it out of the speakers on the remote device or save the audio as a WAV file. The vulnerability has been confirmed to affect the 2015 and 2016 editions of the device. The 2017 edition of the Amazon Echo is not vulnerable to this physical attack. The smaller Amazon Dot model also does not carry the vulnerability. More technical details can be found here.
News! (Score:4, Insightful)
Re: (Score:2)
Hackers can turn your laptop camera into a surveillance device; this has been foiled by smart people with tape.
Echo and Google Home users should submerse their devices in a bucket of oil when not in use; please don't use water as this may cause a power short.
Re: (Score:2)
The "hack" described in TFA requires physical access to the device. Anything can be compromised by someone with physical access. For instance, I can "hack" the smart-lock on your front door with my sledgehammer.
Re:News! (Score:4, Informative)
Obligatory (Score:1)
"Amazon Echo still a covert listening device"
Holy Possessed Toaster (talkie anyone) (Score:2)
How many average consumer devices can't be compromised with physical access to the hardware?
Couldn't someone also just plant a bug in the thing (or somewhere else in your house) and listen to you that way?
In what world is this news?
Why buy this crap? (Score:2)
Always listening device,
Who in their right mind thought these tools would be useful to a consumer? Are people out there really that dense to think that a device like this isn't sending every waking minute of their lives to some spook at the NSA?
Every time I hear someone go on and on about how the "Internet of Things" is the next great land rush, I laugh. The sooner this and 360 VR die the better.
Re: (Score:1)
It is going to be more interesting ... (Score:1)
Once again (Score:2)
Star Trek had it right. First you poke the button on the communicator, then it listens...