A newly discovered hack against the Amazon Echo can allow attackers to spy on people using the smart speaker, raising fresh concerns on the security of the device.
The capabilities of the Amazon Echo are near limitless, with over 15,000 Alexa skills available to the smart speaker as of early July. The device can be hacked to listen in on the user's conversations though, which is an ability that is likely not part of any customer's wish list.
The Amazon Echo Hacked To Be A Spying Device
Security researcher Mark Barnes detailed the discovered Amazon Echo hack in a blog post, revealing the vulnerability of the smart speaker to a physical attack that will allow a hacker to gain control of the device's operating system and install malware without leaving behind any clue that the Amazon Echo was compromised.
According to Barnes, the exposed debug pads on the base of some Amazon Echo devices present a way for hackers to compromise the smart speaker by booting from an inserted SD card, using it to overwrite the firmware of the device. Once that is accomplished, the hacked Amazon Echo can then send all the audio captured by its microphone to the attacker, with the device retaining its spying capabilities even after the SD card is removed.
How To Stay Safe From Spying Amazon Echo Smart Speakers
It should be noted that the Amazon Echo hack revealed by Barnes only works on models of the smart speaker released before 2017. This is because the 2017 model of the Amazon Echo comes with changes to its internal hardware that prevents the smart speaker from booting directly from SD cards, leaving no way for hackers to execute the attack.
In addition, once the attack is carried out, it becomes very difficult to stop as any security patches installed into the compromised Amazon Echo will only be rewritten. This leaves the 2015 and 2016 models of the Amazon Echo perpetually vulnerable to the hack.
Amazon Echo speakers in homes are less affected by the vulnerability, as hackers will find it hard to gain access to the devices without being noticed. The hack, however, becomes very dangerous when used in public places with Amazon Echo devices, such as hotel rooms. Customers should also be wary of buying used Amazon Echo speakers, as they could be hacked.
When checking in to a hotel room with a 2015 or 2016 model of the Amazon Echo, it is recommended to shut down the device to ensure safety. Customers are also recommended to only buy Amazon Echo speakers from trusted sources. For home users, it might be time to upgrade to a 2017 model, or purchase the Amazon Echo 2 as soon as it is launched.