Hackers discover way to hijack Amazon Echo and spy on unsuspecting users

Chinese hackers at DEFCON have demonstrated how they were able to hack an Amazon Echo unit, enabling them to listen and record unsuspecting targets.

Creative Commons via Pexels


Smart speakers like Google Home and Amazon Echo are becoming increasingly popular in the U.S. About 39 million Americans regularly use these devices, which can do everything from play music, fetch a weather forecast and even order a pizza. The devices are able to perform those tasks because of voice-activation technology that triggers various scripts at the mere utterance of a word like ‘Alexa’.

But that same voice-activation and recording technology has alarmed many security experts over the years who fear it could be exploited by hackers seeking to listen in on unsuspecting targets. Recently, a group of Chinese hackers figured out how to do just that.

At the DEFCON security conference in Las Vegas on Sunday, researchers Wu Huiyu and Qian Wenxiang demonstrated how they discovered a way to hijack the second-generation Amazon Echo by exploiting a series of bugs within the device’s hardware and software.

The vulnerabilities shouldn’t alarm Echo users because they’ve since been fixed by Amazon, and the attack required rather extensive technical expertise to execute. Still, the attack arguably represents the most successful breach of a smart speaker system to date.

“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” the hackers wrote to WIRED. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.”

The team’s attack worked like this: First, the researchers removed the flash chip from an Echo unit, modified the chip and reinserted it into the unit. Then, assuming the researchers could get their modified Echo connected to the same Wi-Fi network as the target’s Echo, they showed how they could exploit a software component of Amazon’s speakers, called Whole Home Audio Daemon, to eventually take control of the target Echo.

The attack would theoretically enable a third-party to record and transmit audio from an Echo without the target ever knowing their device had been hijacked.

“After a period of practice, we can now use the manual soldering method to remove the firmware chip ... from the motherboard and extract the firmware within 10 minutes, then modify the firmware within 5 minutes and [attach it] back to the device board,” the team told WIRED. “The success rate is nearly 100 percent. We have used this method to create a lot of rooted Amazon Echo devices.”

A spokesperson for Amazon told WIRED that “customers do not need to take any action as their devices have been automatically updated with security fixes,” and that “this issue would have required a malicious actor to have physical access to a device and the ability to modify the device hardware.”

It’s not the first time vulnerabilities in Echo units have been identified. One of the most recent demonstrations came in April of this year when the cybersecurity company Checkmarx showed it was able to tweak an Echo so that it keeps ‘listening’—and, therefore, recording—long after the user had said the activation word ‘Alexa’. That exploit, which has since been fixed by Amazon, effectively turned the unit into a surveillance device, though the team said it was unable to figure out how to turn off the unit’s blue light-ring.

The world and workforce need wisdom. Why don’t universities teach it?

Universities claim to prepare students for the world. How many actually do it?

Photo: Take A Pix Media / Getty Images
Sponsored by Charles Koch Foundation
  • Many university mission statements do not live up to their promise, writes Ben Nelson, founder of Minerva, a university designed to develop intellect over content memorization.
  • The core competencies that students need for success—critical thinking, communication, problem solving, and cross-cultural understanding, for example—should be intentionally taught, not left to chance.
  • These competencies can be summed up with one word: wisdom. True wisdom is the ability to apply one's knowledge appropriately when faced with novel situations.
Keep reading Show less

What the world will look like in the year 250,002,018

This is what the world will look like, 250 million years from now

On Pangaea Proxima, Lagos will be north of New York, and Cape Town close to Mexico City
Surprising Science

To us humans, the shape and location of oceans and continents seems fixed. But that's only because our lives are so short.

Keep reading Show less

From zero to hero in 18 years: How SpaceX became a nation-state

SpaceX's momentous Crew Dragon launch is a sign of things to come for the space industry, and humanity's future.

SpaceX founder Elon Musk celebrates after the successful launch of the SpaceX Falcon 9 rocket with the manned Crew Dragon spacecraft at the Kennedy Space Center on May 30, 2020 in Cape Canaveral, Florida. Earlier in the day NASA astronauts Bob Behnken and Doug Hurley lifted off an inaugural flight and will be the first people since the end of the Space Shuttle program in 2011 to be launched into space from the United States.

Photo:Joe Raedle/Getty Images
Politics & Current Affairs
  • SpaceX was founded in 2002 and was an industry joke for many years. Eighteen years later, it is the first private company to launch astronauts to the International Space Station.
  • Today, SpaceX's Crew Dragon launched NASA astronauts Bob Behnken and Doug Hurley to the ISS. The journey will take about 19 hours.
  • Dylan Taylor, chairman and CEO of Voyager Space Holdings, looks at SpaceX's journey from startup to a commercial space company with the operating power of a nation-state.
Keep reading Show less

Six-month-olds recognize (and like) when they’re being imitated

A new study may help us better understand how children build social cognition through caregiver interaction.

Personal Growth
  • Scientists speculate imitation helps develop social cognition in babies.
  • A new study out of Lund University shows that six-month-olds look and smile more at imitating adults.
  • Researchers hope the data will spur future studies to discover what role caregiver imitation plays in social cognition development.
  • Keep reading Show less
    Scroll down to load more…