Smart speakers spying on users isn’t a new idea; the danger of unauthorised access to these devices, such as the Amazon Echo, has been raised before. However, often these dangers were hypothetical in nature – until now.
Researchers Wu Huiyu and Qian Wenxiang from Tencent have developed a way in which to use an Amazon Echo device as a spying tool. The attack takes advantage of the device by using a modified speaker – as well as a number of Alexa web interface vulnerabilities – that enables them to remotely snoop on regular devices.
Although this appears to be concerning, the researchers noted that currently, this would take a great deal of effort and expertise to carry out such an attack.
In order to take over an Echo device, researchers said they removed a flash memory chip, altered its firmware – which enabled root access – and soldered it back onto the device’s circuit board. Once this initial process was complete, the speaker was then placed on the same WiFi network as other, untouched Echo devices.
By using a chain of vulnerabilities in the Alexa device’s web interface, such as cross-site scripting, URL redirection and HTTPS downgrade attacks, the attackers were then able to take full control of the victim’s speakers; enabling them to both discreetly record and play audio.
Is it time to throw out your Amazon Echo? Could people be spying on you? Not really.
Huiyu and Wenxiang informed Amazon of their research, and the company has since released a series of security fixes to address the internet vulnerabilities. For a would-be attacker to eavesdrop on you in your home, they would require a great deal of technical expertise.
First of all, they would have to know how to disassemble the Echo device, identify networks with other Echos, connect to the networks and then capitalise on the exploits – an extensive process that would require a great deal of time. This type of attack could be effective in hotels, however, where an individual would be able to take their time and expect other smart speakers to be present.
What this does highlight is the potential for future exploits. It proves that vulnerabilities were present in the first place and with the right dedication and technical ability, it can happen.