Hackers from China demoed how to hack into an Amazon Echo speaker and transmit the conversation to the cloud without the owner being aware of it.
The myth of smart home speakers – or for that matter, smart home devices being immune to hacking has been debunked given how a pair of Chinese hackers managed to turn an Amazon Echo speaker into a spy bug. The methods employed might not be the simplest and the real-world application of the same might still be way far from feasible yet though the vulnerability has nonetheless been exposed.
Cybersecurity researchers Qian Wenxiang and Wu Huiyu also demoed their findings at the Defcon event wherein they showed on stage how to take control over remote Echo speakers. The target devices, in turn, behaved as spy devices, transmitting user’s conversation on to a remote server without the owner being aware of it all.
The way the entire thing has been pulled off is also extremely innovative given that the researchers first started with an Echo device and stripped it down to the flash chip, change the firmware with their own custom version and re-install the chip onto the device back again. This way, the customized Echo device would then be used to target other similar devices in its vicinity.
However, one requisite for the entire hacking attempt to actually work is having access to the particular user’s Wi-Fi account. This again isn’t the easiest thing to do if the person follows basic security precautions. Also, of course, the entire attempt relied on a few bugs with the Whole Home Audio Daemon which happens to be the way the Echo speaker interacted with other Echo devices.
Current users of the Echo device need not worry of the hacking though given that the said bugs have already been reported to Amazon, which in turn have also patched those with suitable fixes in July. That does not mean the Echo speakers before the fix were vulnerable to the hack. Rather, the speakers happen to be just as secure before the fix as they are now as hacking the smart speakers using the method described above is practically next to impossible.
Nonetheless, those who view smart home devices as security risks will have enough food for thought from the above incident. And with more such smart devices set to invade our homes in future, there sure is a lot to be wary of, it must be said.