remove a Flash chip on their modified Echo
Hackers have managed to hack Amazon's Echo digital assistant and effectively turn it into a listening device, albeit through a complex and hard-to-reproduce approach. Talking at the DEF CON hacking conference in Las Vegas, two Chinese security researchers working for Tencent outlined how they had used a specially modified …
The vulnerability here isn't that a modified Echo could be used to spy on you if it could somehow be infiltrated into your home; it's that a modified Echo could be used to eavesdrop on other completely stock devices in your home as long as it could get on the same network. Given the security state and broadcast area of most home networks, I'd say that it was a more significant vulnerability than the article let on.
Reason #344 not to get an Echo.
"If it can't be home hacked how about a hotel room:"
The term "Evil Maid" comes into its own in that context.
And if it only takes 15 minutes to knobble an existing device, we probably need to look at the problem of "Evil Guest" leaving a permanent hook into the hotel's system.
Why not just insert an actual bugging device inside the device?
Why not forget the Amazon gizmo and just insert standard bug?
...is what I thought till I read on; seems once the custom Echo is on the network it can turn all the other Echos into bugs. That's the difference.
That might mean you don't even have to enter the property if the WiFi pokes out a bit.
Or if it's a big corp network you could harvest a huge number of devices over god knows how far geographically*
* I'm guessing, as it's a home IoT thing, it might not cross subnets
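The precondition the thread keeps coming back to is "on the same network". As an added example (not code from the article, the commenters, or Amazon), the following Python models the segmentation policy a defender would put on a home or hotel network to remove that precondition: IoT devices get their own segment, may reach the cloud, and may not talk to each other or to trusted hosts. The subnets, ports and flows are all constructed and hypothetical.

```python
"""Segmentation policy check for a home/hotel IoT network.

Added example, not from the article or the comment thread. Models the
"IoT devices may reach the cloud but not each other" rule that AP client
isolation or an inter-VLAN firewall would enforce; addressing is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed trust zones, one subnet each (hypothetical addressing).
SEGMENTS = {
    "trusted": ip_network("10.0.10.0/24"),  # laptops, phones
    "iot": ip_network("10.0.20.0/24"),      # smart speakers, TV, bulbs
    "guest": ip_network("10.0.30.0/24"),    # visitors, hotel guests
}

# Destination ports an IoT device is assumed to need for cloud egress.
IOT_EGRESS_PORTS = {443, 8883}  # HTTPS, MQTT over TLS (assumed)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def segment_of(ip: str) -> str:
    """Map an address to its trust zone; anything outside is 'external'."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def is_allowed(flow: Flow) -> tuple[bool, str]:
    """Evaluate one new connection against the segmentation policy."""
    src, dst = segment_of(flow.src), segment_of(flow.dst)
    if src == "iot":
        if dst == "iot":
            # Client isolation: a modified unit cannot reach a stock unit.
            return False, "client isolation: IoT devices may not talk to each other"
        if dst == "external" and flow.dport in IOT_EGRESS_PORTS:
            return True, "cloud egress"
        return False, "IoT may only reach the cloud on approved ports"
    if src == "guest":
        if dst == "external":
            return True, "guest egress"
        return False, "guest may not reach internal segments"
    if src == "trusted":
        # Trusted hosts may initiate anywhere (setup apps talk to the speaker).
        return True, "trusted segment may initiate to anything"
    return False, "unsolicited inbound from external"


def audit(flows: list[Flow]) -> dict[str, list[Flow]]:
    """Split a batch of observed or proposed flows into allowed and denied."""
    result: dict[str, list[Flow]] = {"allowed": [], "denied": []}
    for flow in flows:
        ok, _reason = is_allowed(flow)
        result["allowed" if ok else "denied"].append(flow)
    return result


# Constructed sample flows (hypothetical addresses).
SAMPLE_FLOWS = [
    Flow("10.0.20.15", "10.0.20.16", 443),   # modified speaker -> stock speaker
    Flow("10.0.20.16", "203.0.113.10", 443),  # stock speaker -> cloud service
    Flow("10.0.20.15", "10.0.10.5", 22),      # speaker -> laptop
    Flow("10.0.10.5", "10.0.20.16", 443),     # laptop -> speaker (setup app)
    Flow("203.0.113.10", "10.0.20.16", 443),  # unsolicited inbound from internet
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        ok, reason = is_allowed(flow)
        print(f"{'ALLOW' if ok else 'DENY ':5} {flow.src} -> {flow.dst}:{flow.dport}  ({reason})")
```

The first sample flow, speaker to speaker inside the IoT segment, is the one the hack depends on and is the one the policy denies; the stock speaker keeps its cloud egress, so the device still works. In practice the same rule is a single "client isolation" toggle on most access points, or a deny rule between hosts on the IoT VLAN on the router.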
Well, to be fair, Bezos probably had no idea what kind of wine you were drinking, but, on the other hand, the various deep-cover criminals working in the right parts of Amazon, or working for various of Amazon's 'Trusted Partners' (who have less security and are easier to extract data from), probably know a lot more than that about you - and what can be done with the seemingly innocuous data from your online searches (never mind the knowledge of what time you go to work and get home) is pretty damn scary (I know because I've done that kind of data analysis myself).
But anyone upset by the idea that more than Amazon could gain access to their data hasn't been paying attention and really has no complaint to make: it was always a Trojan horse gate for the horses that we'll put in the wall here - don't worry about anyone else getting in through it, we only hand copies of the keys to these other people and they're totally trustworthy (they crossed their hearts and swore they wouldn't lose them or give them to anyone else).
"What isn't clear is whether Amazon is capable of overriding its system to listen in permanently, rather than require it to wait for the "wake word" before listening, and so act as a live bug (the device holds a two-second audio buffer)."
I think it is a bit slippery to say that the device is NOT listening permanently. Obviously it has to 'listen' to recognise the 'wake word'; the hope here being that that two second audio buffer is not released upstream regardless of the trigger word presence, which I believe was the point here.
Which is why NONE of this shit is ever coming into my home.
My so called Smart TV is never connected to the Internet.
All Social Media plus 90% of google sites are blocked at my firewall.
And the only network connections are wired. No WiFi. Turned off at the router. Wouldn't work very well anyway, as the walls are foil-lined (insulation material).
Welcome to the world of a modern-day refusenik.
Presumably they needed to remove, reprogram, and re-install the flash chip so that they could access the private key in that specific device's CPU or TPM. (Probably a TrustZone 'enclave'.) Without the key stored in the original CPU, the device wouldn't be recognized as a valid Echo and wouldn't be given the ability to control nearby devices.
This is an illustrative hack -- it shows that the device is pretty well locked down, and not (easily) remotely vulnerable. But the difficult problem of an unbroken chain of trust remains. In this case they trusted "already installed" software.
>>if you are the sort of person that is likely to be directly targeted by an FBI investigation<<
So basically, given the FBI's (known) history, that's anyone breathing?
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him" - Cardinal Richelieu.
…companies are considering placing it in increasingly public spaces like schools and hotels…
Well, at least in Europe the question of liability in the case of a breach has already been clarified. As, indeed, has the need to get permission before Amazon (or any other crooks) can listen in.
Instead of re-flashing an echo, why not pre-hack an echo and plug it in?
Anyway, the vuln has been fixed.
Amazon's eating its own dog food when it comes to managing the Alexa ecosystem, so if you want a place to start take a look at amazon's IoT infrastructure; it's pretty tight. You'll have more success ripping the client cert off of an echo and using it to abuse the system, at least until the cert is revoked. The big weakness right now is that there's no way to prevent someone from -attempting- to connect - a revoked cert will still eat resources at some level.
As troubling as it would be to have someone place rogue units in a hotel room and potentially access units in other rooms this way, what about college dorms?
The students tend to be on the same WiFi network, which was a requirement for this hack. I can imagine students either hacking a unit themselves, or falling for an ad for a free (used and hacked) unit somewhere.
Life is getting more and more complicated. If I were to encounter a digital assistant in my hotel room I would either unplug it or call the front desk to have it removed. College dorms are more problematic, especially since dorm rooms in the USA are generally shared with other students. What if your roommate insists on having these spy gadgets in the room?
>" But then, if you are the sort of person that is likely to be directly targeted by an FBI investigation then presumably you've considered that the extra utility gained from an Amazon Echo may not be worth the risk of having a potential bug in your home or office."
This presumes the government is trustworthy and would never go on a fishing expedition to support their preconceived notions about a "suspect's" guilt.