The Amazon Echo is generally the first name which comes to mind when you think of a smart home speaker device and their sales continue to increase. While the Echo has made into a lot of homes the security community has seen them as the primary target to invade the user's privacy. Although no Amazon Echo malware has been seen in the wild and there aren't any even working proof-of-concept attacks, no device is 100% secure and a group of Chinese hackers have spent months creating a new method that will hijack the Amazon's voice assistant.
Is the Method Working Perfectly?
The method is not full blown remote take over but it is the closest thing for a practical demo of how these devices can be used to spy on people.
Security Researchers named Wu Hui Yu and Qian Wenxiang presented an exploit that will chain all the Amazon's Second-Gen Echo devices to take over the devices and also stream audio from its microphone without the user knowing that the device has been compromised.
I Have An Amazon Echo Device - Should I Be Worried?
The owners of the Echo devices don't need to be panic as the hackers have already alerted Amazon to their findings and the company also have pushed the security patches in the month of July. Even before that the hack requires serious hardware skills and also access to the Amazon Echo's Wi-Fi network. The researchers commented on their findings as follows;
"After several months of investigation, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping," reads a report of their work provided to WIRED by the hackers, who work on the Blade team of security researchers at Chinese tech giant Tencent. "When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker."
Limitations Of The Vulnerability
One of the requirements of the vulnerability is that the victim and the hacker need to be present on the same WiFi network. When asked about Echo's security:A truly remote Echo hack wouldn't be easy, says Jake Williams, a former member of the NSA's elite hacking team Tailored Access Operations.Amazon has also responded with a message saying that all the Echo devices have been updated with the latest firmware already and all the vulnerabilities have been fixed. But with smart home speakers now becoming the norm and increased focus from researchers in the area and concern from governments regarding privacy we're sure this isn't the last vulnerability which will come to light.
Take your time to comment on this article.
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/08/14/def-con-update-researchers-find-a-method-to-turn-amazon-echo-into-a-spy/