Unpatchable Echo hack can spy you in your bedroom
A hack on the Echo, the AI speaker from Amazon, can turn your smart speaker into an always-on microphone.
So you have the Amazon Echo in your room and you are very happy with the magic that the little AI speaker can do. However, you should know that the smart little device on your bedroom’s corner table can become a privacy nightmare.
According to a report by Motherboard, Amazon’s Echo can be hacked and turned into an always-on microphone that can be spying on your intimate moments. What is even more shocking is that the hack cannot be fixed by a software patch.
The report mentions a security researcher who demonstrated in his research that the Amazon Echo can be turned into a spying machine by exploiting a physical vulnerability in the models sold between 2015 and 2016. This hack can turn your smart speaker against you, and it can spy on your conversations without any indication that it has been compromised.
He adds that the issue cannot be resolved by Amazon by simply sending an OTA or flashing a physical software patch. This means that the smart speakers sold during that period will probably have the issue throughout their life.
Security researcher Mark Barnes, in his research, states that he managed to hack the Echo by removing the bottom of the smart speaker and exposing the 18 ‘debug’ points (connectors), which he used to boot directly into the firmware by using an external SD card. Once the hack was complete, he could mount back the bottom of the speaker, which left absolutely no trace or evidence that the device was tampered. The malware that Barnes installed could then remotely monitor the Echo’s microphone.
One should note that the Echo has a mute button that makes it inoperable when the user does not want the smart speaker to be hearing you out. This could be used to nullify the hackers attempt by muting the microphone. However, the hacker would be able to get track when the button is pressed again and the device unmated.
The vulnerability was only possible on the 2015 and 2016 models, and the 2017 models and the smaller Amazon Dot are not vulnerable to the hack.