CATEGORIES
home News

Older Amazon Echo AI Speakers Hacked To Spy 24-7 With Live Microphone

by Shane McGlaunWednesday, August 02, 2017, 08:36 AM EDT

MWR Labs has been able to demonstrate a hack on older Amazon Echo speakers that turns the device into an always-on spy sitting right in your home. Detractors of the way Amazon crafted it's speakers to always listen for your voice will use this as an "I told you so" moment.

According to the researchers, the Echo is vulnerable to a physical attack that lets the attacker gain root shell access to the Linux operating system the Echo speaker runs. The scary part is that the root access and installation of the malware could grant the attacker persistent remote access to the device's microphone among other things, without leaving a trace of evidence to tip off the physical tampering of the device.

In addition to potential access to what is being said inside your home, the attack can also allow the hacker to steal customer authentication tokens and have persistent remote access to the device. MWR Labs says that the hack is made possible by two design choices Amazon made with the hardware of the Echo speaker including exposed debug pads the Echo base and hardware configuration settings allow booting from SD cards.

AmazonEcho

The hack allowing the Echo to be turned into a "wiretap" inside your home built on previous work where researchers figured out how to boot into a generic Linux environment from an external SD card. That external SD card image is available on github along with details on the debug pins. MWR Labs says that once you remove the rubber base of the Echo you will find 18 debug pads and details on what each of those pads do are available online.

Once the researchers connected to the exposed pads, they were able to watch the device boot and glean details on its configuration. The team does note that during the boot sequence, said sequence cannot be interrupted and no shell or login prompt is offered. The team says that the MCU inside the Echo speaker is a TI product and before it boots from the internal eMMC unit it always tries to boot from an SD card connected to the exposed debug pads.

Once rooted, the team was able to interact with audio buffers and coax the Echo speaker into streaming the audio heard via TCP/IP to a remote service. The team was able to sample the data and save it as a wav file or play it out of the speakers of the remote device. The hack didn't affect normal functionality of the Echo. The team says that the vulnerability has been confirmed on 2015 and 2016 Echo speakers, but the 2017 version isn't vulnerable to the attack.

The team says that rooting the device and installing the hack was "trivial", but that it does require physical access to the device. 

Tags:  security, Hack, (NASDAQ:AMZN), amazon echo
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment