MWR InfoSecurity recently found that a particular physical exploit can be used to install a certain piece of malware to leverage the microphone on Amazon's Alexa-powered home speaker.
A recently-discovered, difficult-to-detect vulnerability could allow hackers to gain access to the microphone on an Amazon Echo and live stream the audio picked up by it. The exploit was detailed by MWR InfoSecurity in a blog post on Tuesday, explaining that it requires a specific physical attack to take place.
The process requires that the attacker have physical access to the Echo unit, but the attack leaves almost no physical trace, the post said. It all begins with the design of the Amazon Echo.
At the bottom of the Echo unit, under a rubber pad, there are 18 exposed debug pads. These pads give attackers a close-up look at how the device boots, the post said.
If an SD card is attached to these pads, the Echo will default to booting from the card itself over its eMMC unit, the post said. By attaching an SD card loaded with the correct software in the right partition, attackers can boot into a command line interface, the post said. Once here, attackers can "inspect the contents of the file systems on the internal memory and reconfigure the kernel arguments," the post said.
Using a simple script, the researchers were able to prompt the Echo to record all of the raw audio data from the microphone and send it to their remote service, where they can then save the files as they are received. The script will not alter the functionality of the device, but it essentially turns an Amazon Echo into a wiretap.
The 2015 and 2016 edition of the Amazon Echo are vulnerable to the attack, but the 2017 version is not. The physical mute button at the top of the Echo will also shut off the recording, even if the device has been rooted, the post said.
While the requirement of physical access is limiting, the actual rooting of the device was "trivial," the post said. Mark Barnes, security consultant at MWR InfoSecurity, told ZDNet that, with the right device, it would only take "a minute or so" for attackers to gain access to the microphone.
This exploit should be a concern for privacy-conscious consumers and businesses alike, that may be in the habit of discussing sensitive information in close proximity to an Amazon Echo. Additionally, as many hotels (like the Wynn Las Vegas and select Marriott hotels) have begun rolling out Amazon Echo units in their rooms, business travelers should also exercise caution.
The 3 big takeaways for TechRepublic readers
- A new vulnerability, discovered by MWR InfoSecurity, could be used to record and store audio data from an Amazon Echo, turning it into a wiretap for hackers.
- The attack occurs when an SD card is attached to the debug pads at the bottom of the Echo, allowing attackers to boot into a command line interface.
- Only certain models are vulnerable, but users should exercise caution when discussing sensitive material around unknown units.
- Developers can now build Amazon Alexa skills for free on AWS (TechRepublic)
- This Amazon Echo hack can make your speaker spy on you, say security researchers (ZDNet)
- Microsoft to use AI to assist the blind, fix bias, and rescue the planet (TechRepublic)
- Turn Raspberry Pi into an Amazon Echo with $49 pi-topPULSE (ZDNet)
- Amazon Echo: The smart person's guide (TechRepublic)