Don’t Buy Anyone An Amazon Echo – Not Even Yourself

Even if hacking these devices is difficult to do, does the fact that it is possible to make you reconsider using "smart speakers" such as these? What is your privacy worth to you? In recent years “smart speakers” are becoming popular as home tools to assist with day-to-day tasks; making phone calls, searching google and basically anything else you might use your phone for. Upon command, they wake up and complete the task given and offer a hands-free, voice-activated method to make our lives easier, so what could possibly go wrong? Well, recently a group of Chinese hackers have figured out a way to use the popular Amazon Echo as a spy device and listen in on the day-to-day conversations of targeted individuals. This group of hackers has spent months developing a new method for essentially hijacking the Echo. While it is far from a total takeover of the smart speakers, it is, from what we know, the closest thing to a practical demonstration of how these devices can absolutely be utilized as a method of secret surveillance. During the recent DefCon security conference, researchers Wu HuiYu and Qian Wenxiang shared their presentation called, Breaking Smart Speakers: We Are Listening To You, explaining how they hacked into an Amazon Echo and turned it into a spy bug. Now, before we start thinking Big Brother is listening, it is important to know that this hack involved a modified version of the echo, which did have some parts swapped out. However, this doctored device was still able to hack into other, non-modified devices and it does so by connecting both the hackers Echo and a regular Echo to the same local area network, or LAN. This process allowed the hackers to turn their own modified Echo into a listening bug by relaying audio from the other Echo’s speakers without any indication that they were transmitting anything. Although this was a difficult process, the Chinese hackers proved that it was, in fact, possible and could represent a first step towards exploiting this increasingly popular device. Before the presentation, the researchers notified Amazon of the upcoming exploit and they pushed out some security fixes back in July when asked about the attack from Wired, the company responded by stating that, “customers do not need to take any action as their devices have been automatically updated with security fixes.” The spokesperson added that “this issue would have required a malicious actor to have physical access to a device and the ability to modify the device hardware.” Unfortunately, that last statement overlooks the fact that the hackers did not have access to the physical device that they were intercepting — only the LAN and anyone can get their own Echo quite easily online and in stores. So, although Amazon updated the security of these devices, it is still possible that hackers could once again, figure out a way to gain access to the device. According to the hackers, “After a period of practice, we can now use the manual soldering method to remove the firmware chip...from the motherboard and extract the firmware within 10 minutes, then modify the firmware within 5 minutes and [attach it] back to the device board,” they write. “The success rate is nearly 100 percent. We have used this method to create a lot of rooted Amazon Echo devices.” To be able to effectively and easily hack an Echo remotely wouldn’t be easy, says Jake Williams, a former member of the NSA’s elite hacking team Tailored Access Operations. However, if spies were able to take over a device like the Echo it would make a powerful tool for surveillance because unlike a phone, it picks up sound from a room, not only right next to the device, but anywhere in earshot. “These smart speakers are designed to pick up all the noises in the room, listen and transcribe them,” says Williams. “As a result, they’d make phenomenal listening devices if you can exploit them.” Let’s not forget about what happened earlier this year where a couple from Portland, Oregon received a phone call from a person they knew warning them to unplug your Alexa device right now, you’re being hacked. This person had received a voice mail which contained a private message between the couple talking about hardwood floors. You can read more about that here. This is a common response from many people in regards to privacy issues. But this issue goes so much deeper than that. As Edward Snowden says, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” We have a right to our privacy. If these devices can, in fact, be used as surveillance tool’s then there is a very good chance that they are being used. We have already seen a tremendous level of corruption from the NSA spying on Americans’ and even Facebook violating our rights and using messenger to listen in on our conversations. Why would we feel that these devices that are literally plugged into our homes and flat out listening to us and our “commands” couldn’t be used as a method of surveillance? Cell phone’s alone have been proven to be able to listen in even when the phone is turned off.

These smart speakers have even more capacity as they pick up sound all over the place and have a much broader range. Should you let this stop you from getting your own Echo or similar device? Well, that’s up for you to decide, for me it’s not worth it. .

Read the full article at the original website

References:

• https://www.wired.com/story/hackers-turn-amazon-echo-into-spy-bug/