Published: Thu, August 03, 2017
Research | By Jennifer Evans

A new hack can turn an Echo into a live microphone

A new hack can turn an Echo into a live microphone

On Tuesday, British security researcher Mark Barnes detailed a technique anyone can use to install malware on an Amazon Echo, along with his proof-of-concept code that would silently stream audio from the hacked device to his own faraway server. Once that is accomplished, the hacked Amazon Echo can then send all the audio captured by its microphone to the attacker, with the device retaining its spying capabilities ever after the SD card is removed.

While that hardware fix effectively blocks the attack, the nature of the firmware assault makes it very hard to stop the attack at a software level. The researchers also found that the Echo will try to boot from an external SD card before attempting to boot from its internal flash memory, allowing them to format an SD card with the boot components needed to boot the device into a command line mode.

Unfortunately, the hacked device will not show any physical evidence of tampering, and will continue to work as normal, but on the plus side, the Echo speaker can not be hacked remotely.

Of course the biggest limitation of this vulnerability is the fact a hacker needs physical access to the device. One of those allows the Echo to read data from an SD card, for instance. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.

Following a full examination of the process running on the device and the associated scripts, MWR's researchers investigated how the audio media was being passed and buffered between the processes and the tools used to do so. In fact, an earlier paper by a group of researchers at the Citadel military academy in SC identified the same pins, suggesting that hackers could use a 3-D-printed attachment to connect to them.

If a knowledgeable attacker did have access to an older Echo, Barnes noted that rooting it is "trivial".

If you were to buy a second-hand speaker, then you'd better make sure it's a 2017 device or later. He managed to not only install a persistent implant and gain remote root shell access, but to "remotely snoop" using the Echo's seven microphone array.

However, he added, it was possible that Echo owners would take their devices with them on holidays or business trips - situations that could expose them to attack.

"What this research highlights is the need for manufacturers to think about both the physical and digital security risks that the devices may be subjected too and mitigate them at the design and development stage", MWR InfoSecurity's Barnes continued.

Amazon, meanwhile, told BBC that "customer trust is very important".

The attacker removes the rubber base of the Amazon Echo to reveals 18 debug pads.

Like this: