Amazon Echo a Secret Listening Device

Tuesday, August 1, 2017 @ 03:08 PM gHale

The popular Amazon Echo can end up compromised and converted into a secret eavesdropping device, researchers said.

In addition to the possibility of the device being turned against the user, they may not know because the hack will not affect the Echo’s functionality.

Merck Still Working to Get Over Petya
Ransomware Shuts Down SMBs
Ransomware Attacks Force OS Change
WannaCry Wake: IT Now Better Prepared

Found to be susceptible to a physical attack, it would be possible for attackers to gain a root shell on the Linux Operating Systems and install malware.

The Echo could allow an attacker to secretly monitor and listen in on users and steal private data without their permission or knowledge, said researchers at MWR InfoSecurity.

By removing the rubber base at the bottom of the Amazon Echo, the research team could access the 18 debug pads and directly boot into the firmware of the device, via an external SD card, and install persistent malware without leaving any physical evidence of tampering. This gained them remote root shell access and enabled them to access the “always listening” microphones.

“Once we had root we examined the processes running on the device and the scripts that spawn these processes, said MWR researcher Mark Barnes. “We were able to understand how audio media is being passed and buffered between processes and the tools that are used to create and interact with these audio buffers. Using the provided ‘shmbuf_tool’ application developed by Amazon, we created a script that would continuously write the raw microphone data into a named fifo pipe which we then stream over TCP/IP to a remote service. On the remote device we receive the raw microphone audio, sample the data and either save it as a wav file or play it out of the speakers of the remote device.”

The vulnerability has been confirmed to affect the 2015 and 2016 editions of the device. The 2017 edition of the Amazon Echo is not vulnerable to this physical attack. The smaller Amazon Dot model also does not carry the vulnerability.

Click here for more technical details.

“The rooting of the Amazon Echo device in itself was trivial; however, it raises a number of important questions for manufacturers of Internet enabled or ‘Smart Home’ devices,” Barnes said.

“The Amazon Echo does include a physical mute button that disables the microphone on the top of the device or can be turned off when sensitive information is being discussed (this is a hardwire mechanism and cannot be altered via software),” Barnes said. “Although the Echo brings about questions of privacy with its ‘always listening’ microphones, many of us walk around with trackable microphones in our pockets without a second thought.

Leave a Reply

You must be logged in to post a comment.