Hackers turn your Amazon Echo into an eavesdropping device – who’s listening to you?

With so many companies that have introduced, or plan to introduce, smart speakers, there are some very real concerns that consumers should have. Chief among them is the security of these devices, which, like many new gadgets, are connected to the internet. That concern was highlighted when the Amazon Echo was hacked and turned into a device for listening in on its users.

The hack was demonstrated at Def Con 26. It used multiple vulnerabilities to show how the Echo could be turned into an eavesdropping device, and how many of the devices connected to it could then be used in the same manner.

The hackers presented their notes from Def Con 26, stating:

“In this talk, we will present how to use multiple vulnerabilities to … remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we’re also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice.”

So, as companies like Facebook, which plans to roll out its own version of a smart speaker very soon, create more and more demand for these products, it is only natural that they will become a magnet for hackers looking to take advantage of any bugs or ways to bypass their security.

It should be noted that Amazon quickly released a patch fixing the vulnerability shown by the hackers.