Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News Categories

Your Amazon Echo is a spy in plain sight

By Marcus Wong - on 2 Aug 2017, 2:29pm

Your Amazon Echo is a spy in plain sight

British researcher Mark Barnes has just demonstrated a technique that will allow anyone with physical access to an Amazon Echo to install malware to it, letting anyone eavesdrop on your conversations. Barnes showed that he could stream audio to his remote server, and while the technique only works on devices sold before 2017, there’s no software fix for older units either.

That doesn’t mean you should go trash your Amazon Echo straight away - physical access is required to execute the hack – but it should give you pause when staying at hotel rooms with similar devices. Or when leaving your smart speaker unattended and out of your control.

Barnes’ method takes advantage of “two hardware design choices” made by Amazon: exposed debug pads on the base of the Echo, and a hardware configuration setting which allows the device to boot from an external SD card.

What he did was to remove the rubber base of a pre-2017 Echo and decipher which of the 18 debug pads corresponded to what function. The configuration of the Echo is such that it first tries to boot from an SD Card connected to the debug pads before reading from the internal eMMC unit.  Thus, Barnes booted into the firmware of the Echo by physically connecting the Echo to an external SD Card breakout board.

Each pad corresponds serves a particular purpose.

This allowed Barnes and his team to install a persistent implant to interrupt the boot process, thus taking over the unit and allow for remote access without the physical connection. By examining the processes running, they were also able to understand how audio was passed and stored in the Echo, and subsequently stream it over TCP/IP to a remote device. All without affecting the functionality of the Echo!

While Amazon has subsequently fixed the security flaws Barnes exploited in its recent versions of the Echo, Barnes thinks his work should act as a warning to the public that devices like the Echo can be modified and exploited fairly easily, so care should be taken when purchasing from someone other than Amazon.

In fact, if you’re in a public or semipublic place like a hotel room, Barnes recommends deactivating all smart devices as they can be easily compromised by anyone from the previous guest to hotel staff. If in doubt, Barnes offers a simple piece of advice – “Just turn it off”.

Sources: Wired, MWR Labs, GIthub