Your Amazon Echo is a spy in plain sight

A British security researcher has just shown how easy it is to turn an Amazon Echo into an eavesdropping device.

British researcher Mark Barnes has just demonstrated a technique that will allow anyone with physical access to an Amazon Echo to install malware to it, letting anyone eavesdrop on your conversations. Barnes showed that he could stream audio to his remote server, and while the technique only works on devices sold before 2017, there’s no software fix for older units either.

That doesn’t mean you should go trash your Amazon Echo straight away - physical access is required to execute the hack – but it should give you pause when staying at hotel rooms with similar devices. Or when leaving your smart speaker unattended and out of your control.

Barnes’ method takes advantage of “two hardware design choices” made by Amazon: exposed debug pads on the base of the Echo, and a hardware configuration setting which allows the device to boot from an external SD card.

What he did was to remove the rubber base of a pre-2017 Echo and decipher which of the 18 debug pads corresponded to what function. The configuration of the Echo is such that it first tries to boot from an SD Card connected to the debug pads before reading from the internal eMMC unit.  Thus, Barnes booted into the firmware of the Echo by physically connecting the Echo to an external SD Card breakout board.

Each pad corresponds serves a particular purpose.

Each pad corresponds serves a particular purpose.

This allowed Barnes and his team to install a persistent implant to interrupt the boot process, thus taking over the unit and allow for remote access without the physical connection. By examining the processes running, they were also able to understand how audio was passed and stored in the Echo, and subsequently stream it over TCP/IP to a remote device. All without affecting the functionality of the Echo!

While Amazon has subsequently fixed the security flaws Barnes exploited in its recent versions of the Echo, Barnes thinks his work should act as a warning to the public that devices like the Echo can be modified and exploited fairly easily, so care should be taken when purchasing from someone other than Amazon.

In fact, if you’re in a public or semipublic place like a hotel room, Barnes recommends deactivating all smart devices as they can be easily compromised by anyone from the previous guest to hotel staff. If in doubt, Barnes offers a simple piece of advice – “Just turn it off”.

Sources: Wired, MWR Labs, GIthub

Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.

Share this article