Tencent’s security research team revealed multiple vulnerabilities in the web interface of Amazon Echo speakers. The vulnerabilities can be exploited by hackers to gain access to the smart speakers and spy on users. Fortunately, the methodology revealed by Tencent’s team of researchers is too complicated for most hackers to implement on a large scale. Tencent has already fully disclosed the details to Amazon, and the vulnerabilities have been patched.
Security researchers Wu HuiYu and Qian Wenxiang of the Tencent Blade team revealed in a video, “Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we're also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc.”
The method requires hardware modification of a smart speaker, including modifying its flash memory chip to gain root access. Once the memory chip of an Amazon Echo speaker is modified, it needs to be soldered back. Next, the speaker needs to be connected to the same Wi-Fi network as another Echo device. Hackers who are capable of hacking into Wi-Fi networks can do this fairly easily, but it requires being physically present with the jailbroken speaker.
Once the ‘rogue’ Echo device is connected to the Wi-Fi network, hackers can take advantage of interface flaws, including cross-site scripting, web encryption downgrades and address redirection, to gain complete access to vulnerable speakers. Hackers can then listen to or record any audio transmitted to and from the device.
The vulnerabilities have already been patched by Amazon with the help of Tencent, and it is highly unlikely that attackers have exploited smart speakers using this method. The attack was only ever practical in places with multiple smart speakers connected to the same Wi-Fi network, such as hotels.