Research from MWR InfoSecurity Ltd. shows that threat actors can install malware on an Amazon Echo and turn it...
into a listening device. How effective is this attack, and is there any way to determine if an Amazon Echo has been compromised?
An attacker needs to gain a root shell on the Linux operating system to install malware and exploit this Amazon Echo vulnerability.
By removing the rubber base of the Amazon Echo, the attacker could use an external SD card to boot into the device's firmware as the MWR researchers demonstrated. After putting the base back, a tech-savvy attacker could use a mobile device to remotely access the always-listening microphone. The audio could be streamed to a remote server, played out of the speakers or saved as a WAV file.
The listening microphone will wake up after the victim says "Alexa." Everything the victim says is then recorded in the background. This includes telling the Echo what music to play, who to call and when to send messages. The victim could get the news he wants and the scores for his favorite sports. Other options the victim could use are controlling lights, TVs, thermostats and garage doors. When used with a mobile device running the Alexa app -- on the Android or iPhone -- the victim could orally search for consumer items using the Echo as a virtual assistant device. The attacker would get a gold mine of the victim's shopping preferences.
The physical Amazon Echo vulnerability affects the 2015 and 2016 editions of the Amazon device. The 2017 edition and the Amazon Echo Dot model are free from this vulnerability.
It is not possible to apply software or firmware updates to correct the design flaw in the affected Echo models, and there is no way for the victim to determine if the vulnerability on the physical device has been exploited.
The victim may find it inconvenient to physically turn on the mute button to disable the microphone or to fully turn off the Echo. A better approach to protect against this Amazon Echo vulnerability is to monitor the network traffic on your mobile device and look for any anomalous activity that might indicate a compromise. Many monitoring tools for mobile devices are available. If there is suspicious traffic on your Echo, you may want to think about replacing it with a newer model.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Learn how to manage and monitor hybrid networks
Discover more about cyber-physical attacks
Find out why Amazon is paying out for developers with Alexa skills
Dig Deeper on Wireless network security
Related Q&A from Judith Myerson
Kea, an open source DHCP server, was issued a medium security advisory for a flaw that causes memory leakage in version 1.4.0. Discover the ... Continue Reading
ES&S admitted it installed the insecure remote access program pcAnywhere on election management systems. Learn what pcAnywhere is and what this risk ... Continue Reading
Siemens disclosed six Siclock flaws that were found within its central plant clocks. Discover why three flaws have been rated critical and how threat... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.