The media has always been fascinated with devices spying on you. When researchers hacked TVs with a built in microphone, everyone wanted to know what hackers would turn into bugs next. Always listening electronic assistants like Alexa, Cortana, and Siri made obvious targets, but no one had cracked those products. That is, until now. Researchers at MWR InfoSecurity have found a way to hack an Amazon Echo and turn it into a remote listening device. The good news is it requires physical access and significant work to pull off. Watch the video below for more details, and make sure not to let shady criminals take apart your Echo.
Episode Runtime: 2:57
Direct YouTube Link: https://www.youtube.com/watch?v=B6IIaSjmXWI
EPISODE REFERENCES:
- Researcher’s post on hacking the Amazon Echo – MWR InfoSecurity
Corey Nachreiner, CISSP (@SecAdept)
Although I doubt someone would take your echo apart and do that. People could modify them and sell them on ebay to unsuspecting buyers.
US government has been known to intercept delivery of networking devices to install trojaned versions of their OSs
I guess this could be a cheap way of listening to a targets home remotely
Yes, this is a consideration when using an Echo. Jeff Bezos talks about Echo security here: https://www.cnbc.com/2016/10/20/jeff-bezos-explains-why-the-echo-is-harder-to-hack-than-smartphones.html
The echo can be turned off when not in use or a sensitive conversation is taking place. Additionally, a network administrator could set up firewall rules to ensure echo traffic is only going to Amazon potentially. I was taking a look at home IOT devices and what traffic was flowing and figured out a few Amazon IP Ranges here: http://randominternet.blogspot.com.br/2017/06/home-iot-ports-echo-apple-and.html