Researchers Can Turn Amazon Echoes into Spying Pods

Yesterday’s DEFCON coverage highlighted an 11-year-old hacker manipulating election results on a replica Florida state website in under 10 minutes. Today’s news concerns the Amazon Echo.

During a presentation, security researchers from Tencent demonstrated how a doctored Echo could be used to hack into other, non-modified Echos, turning the smart speakers into spying hubs.

With some of its internals swapped out, the modified Echo can exploit a vulnerability in the Whole Home Audio Daemon – the piece of software that the Echo uses to communicate with other Echo devices on the same network – to take control of its targets. Once in control, the malicious Echo can then use any of the infected Echoes to surreptitiously record audio.

A mildly comforting aspect in this story is the fact that at least one Echo device has to be physically manipulated for the scheme to work. This means that individuals that use Echo devices at home are relatively safe, provided they haven’t purchased second-hand Echoes. (We’ve already warned about the dangers of secondhand connected devices here.)

But the risk becomes significantly higher in scenarios where commercial establishments with more widely shared passwords are involved, such as hotels and schools. One visit to a hotel room is all it would take for an attacker to set the stage for this sort of breach.

The technique was developed by a group of Chinese hackers working with second-generation Echoes over several months. The researchers had notified Amazon of the exploit before the presentation, and Amazon has already pushed out security fixes.

So the maneuver is difficult to pull off, and the vulnerability has already been patched. So why is this news?

Well, a modified Echo device can still be used to hack into a home network even if said device is not owned by the targeted homeowners. The attacker merely needs to be within reach of their WiFi network and use brute force to connect his Echo, then use the daemon exploit to infiltrate their Echoes.

And while the inherent complexity of the scheme might protect average Echo owners, high-value targets might just be worth the effort.