Since smart speakers like the Amazon Echo first began to appear in homes across the world, the security community has come to see them as a prime target. But that threat has remained largely hypothetical: No Echo malware has appeared in the wild, and even proof-of-concept attacks on the devices have remained impractical at best.

Now, one group of Chinese hackers has spent months developing a new technique for hijacking Amazon’s voice assistant gadget. It’s still hardly a full-blown remote takeover of those smart speakers. But it may be the closest thing yet to a practical demonstration of how the devices might be silently hijacked for surveillance.

At the DefCon security conference Sunday, researchers Wu Huiyu and Qian Wenxiang plan to present a technique that chains together a series of bugs in Amazon’s second-generation Echo to take over the devices and stream audio from their microphones to a remote attacker, while offering no clue to the user that the device has been compromised.

Echo owners shouldn’t panic: The hackers already alerted Amazon to their findings, and the company pushed out security fixes in July. Even before then, the attack required some serious hardware skills, as well as access to the target Echo’s Wi-Fi network—a degree of difficulty that likely means it wouldn’t be used against the average Echo owner. But the effort nonetheless sheds new light on how an Echo eavesdropping technique might work against a high-value target.

“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” reads a description of their work provided to WIRED by the hackers, who work on the Blade team of security researchers at Chinese tech giant Tencent. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.”

The researchers’ attack, though already patched, demonstrates how hackers can tie together a devious collection of tricks to create an intricate multistep penetration technique that works against even a relatively secure gadget like the Echo. They start by taking apart an Echo of their own, removing its flash chip, writing their own firmware to it, and re-soldering the chip back to the Echo’s motherboard. That altered Echo will serve as a tool for attacking other Echoes: Using a series of web vulnerabilities in the Alexa interface that included cross-site scripting, URL redirection, and HTTPS downgrade attacks—all since fixed by Amazon—they say that they could link their hacked Echo with a target user’s Amazon account.

If they can then get that doctored Echo onto the same Wi-Fi network as a target device, the hackers can take advantage of a software component of Amazon’s speakers, known as Whole Home Audio Daemon, that the devices use to communicate with other Echoes in the same network. That daemon contained a vulnerability that the hackers found they could exploit via their hacked Echo to gain full control over the target speaker, including the ability to make the Echo play any sound they chose, or more worryingly, silently record and transmit audio to a faraway spy.

That requirement that the victim and attacker be on the same Wi-Fi network represents a serious limitation to the attack. It means that, even after some serious hardware hacking, an Echo attacker would have had to know a target’s Wi-Fi password or otherwise gain network access. But the researchers argue that an Echo spy could potentially brute force the Wi-Fi password, trick a victim into installing the altered Echo themselves and linking it to their Wi-Fi, or perform the attack on Echoes in environments with more widely shared passwords, like hotels and schools.

When WIRED reached out to Amazon about the attack, the company responded in a statement that “customers do not need to take any action as their devices have been automatically updated with security fixes.” The spokesperson also wrote that “this issue would have required a malicious actor to have physical access to a device and the ability to modify the device hardware.”

That last point, to be clear, isn’t as comforting as it sounds. The hackers would have had to have access to the victim Echo’s Wi-Fi, but would only need hands-on physical access to their own Echo, which they could alter to create their attack tool in the privacy of their lab.

The research also raises the specter of more direct physical access attacks on a victim’s Echo, if a hacker can manage to get some alone time with it in the target’s home or hotel room. The researchers mention in passing that they were able to alter the firmware of their own Echoes in just minutes, suggesting that they might be able to physically plant spyware on a target Echo just as quickly. “After a period of practice, we can now use the manual soldering method to remove the firmware chip…from the motherboard and extract the firmware within 10 minutes, then modify the firmware within 5 minutes and [attach it] back to the device board,” they write. “The success rate is nearly 100 percent. We have used this method to create a lot of rooted Amazon Echo devices.”

The Tencent researchers aren’t the first to demonstrate techniques that transform Echoes into spy tools. British hacker Mark Barnes last year published a technique that uses physical access to a first-generation Echo to install malware on it via metal contacts accessible under its rubber base. Researchers at security firm Checkmarx later showed they could hijack an Amazon Echo remotely, but only when its owner downloads the attacker’s software extension—what Amazon calls a “skill”—to their device, the equivalent of sneaking a malicious Android app into the Google Play Store and tricking users into downloading it. Unlike the Tencent hackers’ work, neither earlier technique represented a targeted, over-the-network Echo-hacking technique.

A truly remote Echo hack wouldn’t be easy, says Jake Williams, a former member of the NSA’s elite hacking team Tailored Access Operations. He points out that the devices primarily accept only voice input and cloud communications via an encrypted connection with Amazon’s server, creating a very limited “attack surface” for hackers to exploit. Hence the Tencent researchers’ clever use of Amazon’s Echo-to-Echo communications instead.

But if spies could compromise a smart speaker like the Echo, it would make a powerful surveillance device, Williams notes. Unlike a phone, for instance, it picks up sound not only directly next to the device, but anywhere in earshot. “These smart speakers are designed to pick up all the noises in the room, listen and transcribe them,” says Williams. “As a result they’d make phenomenal listening devices if you can exploit them.”

Even the Tencent hackers’ work doesn’t prove that eavesdropper’s dream has come true just yet. But you’d be forgiven for eyeing your Echo warily in the meantime.
