Amazon's Echo can be made to transmit everything its microphones hear straight to a hacker.
(CCM) — Amazon's Echo smart speaker can be hacked to turn it into a wiretap which eavesdrops on its owner and transmits everything its microphones hear to another location, a security researcher has revealed in a blog post.
Mark Barnes, from MWR Security, says that a hacker who can physically access the device can install malware without leaving physical evidence of tampering. "Such malware could grant an attacker persistent remote access to the device, steal customer authentication tokens, and the ability to stream live microphone audio to remote services without altering the functionality of the device," he said.
The hack is possible because the Echo has connection points hidden beneath the rubber base of the device intended for software developers' use, and because it can be booted from an external SD card.
Barnes warned that Echo devices could be hacked in insecure environments like hotel rooms, and second-hand Echo devices may also be hacked before they are sold. But he pointed out that the Echo has a physical mute button which disables the device's microphones and which cannot be overridden by malicious software.
The Echo devices which are susceptible to hacking were released in 2015 and 2016, but newer versions are not vulnerable to the hack.
Image: © Peppinuzzo - Shutterstock.com