Security researchers at the 26th Def Con hackers conference revealed a new Amazon Alexa hack that enables attackers to take control of the speaker, turning it into a spy.
Researchers Wu HuiYu and Qian Wenxiang are part of the Blade security team with Chinese company Tencent. In their presentation at Def Con, they explained how their hack turned an Amazon Echo into an audio monitoring device.
To kick things off, HuiYu and Wenxiang had to modify an Echo speaker of their own. This involved taking apart an Echo speaker and removing its flash chip. The researchers then wrote their own firmware to it. Finally, they soldered the flash chip back to the Echo’s motherboard after installing the firmware.
This forms the base the researchers used to launch an attack.
Network access required
With a doctored Echo device, an attacker would have to get the device onto the same Wi-Fi network as the target Echo speaker. Although likely the hardest part of the attack, it isn’t impossible.
Most Wi-Fi networks are secured, but as always there are ways around that. The researchers mentioned a few examples, such as having the Echo device brute force the password or tricking a victim into installing the altered Echo and linking it to their Wi-Fi.
Alternatively, attackers could target a hotel or school or similar network with a widely shared password.
Once the modified Echo was on the network, the researchers took advantage of a software component, the Whole Home Audio Daemon. The daemon allows Echo devices to communicate with other devices on the network.
The researchers were able to use a vulnerability in the daemon to gain full control over a target speaker. This included the ability to play sounds the researchers chose and silently record and transmit audio.
Before you go unplug your Echo speaker, Amazon has already patched the vulnerability. The patch came as part of an automatic security update in July and requires no action on the part of customers. The researchers informed Amazon about the vulnerability prior to their presentation at Def Con.
Furthermore, in a statement to Wired, Amazon said the “issue would have required a malicious actor to have physical access to a device and the ability to modify the device hardware.”
To clarify, the malicious actor only needs access to the network and physical access to their own Amazon Echo device.
Regardless, the vulnerability was patched. Additionally, the vulnerability was rather difficult to take advantage of, especially considering the need to bypass the Wi-Fi network's security. Ultimately, the average user probably doesn’t need to worry about a potential attack using this method.
Source: Wired Via: TechCrunch