Amazon's Echo smart speaker can be hacked into, enabling cyber criminals to eavesdrop on private conversations and steal user information, a researcher has discovered.
Mark Barnes, a researcher at MWR Labs, says the speaker is "vulnerable to a physical attack" that could allow a hacker to install malicious software and gain "remote access to the device."
He says that hackers could "stream live microphone audio" from the device without the user knowing.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
The security flaw is found in "ports used to debug the device", says the Daily Telegraph, and these are hidden underneath a flap on the base of the speaker.
"Hackers could attach a malicious storage card to these without the user knowing that would give them access to the operating system of the Echo", adds the paper. If that were to happen, hackers could "see an owner's Amazon credentials" or "steal sensitive information".
But The Verge reports that only Amazon Echo devices bought between 2015 and 2016 are vulnerable as this year's model features hardware alternations that make the hacking method in its current guise impossible.
A hacker would also need to physically insert an SD storage card into the device to gain access to it, says the BBC, making it very difficult to carry out an attack.
Users who take their devices with them on holidays or business trips could find themselves exposed to hackers, the broadcaster says, while second-hand devices "may also be compromised in some way.
Despite the Echo bringing "questions of privacy with its always listening microphones", Barnes argues that "many of us walk around with trackable microphones in our pockets without a second thought."
He concludes by saying that "product recalls and modifications can be expensive in post production", and suggesting that physical attacks should be incorporated into "any security assessments" on home devices "as early as possible".
-
Mermaiding: the underwater subculture on the riseUnder the Radar Cosplay meets fitness in an escapist fin-omenon that's making waves around the world
-
Delhi's dogs earn Supreme Court reprieveIN THE SPOTLIGHT After an outcry from the public and animal rights activists, India's Supreme Court walks back a controversial plan to round the city's stray dog population into shelters
-
8 hotels with ace tennis courtsThe Week Recommends Bring your A game
-
Amazon's robotaxi looks to be Waymo's biggest competitorIn the Spotlight The company recently opened a new robotaxi production plant in California
-
Amazon launches 1st Kuiper internet satellitesSpeed Read The battle of billionaires continues in space
-
Amazon ending 'Just Walk Out' grocery checkoutSpeed Read In its place, the company will let customers scan while they shop with Amazon Dash Cart
-
The pros and cons of drone deliveryPros and cons It's a bird! It's a plane! It's a ... drone?
-
Amazon hardware event 2019: Echo Buds, Frames and moreIn Depth From Alexa-powered glasses to pet trackers, the exciting new gadgets announced at the product keynote
-
Alexa to impersonate celebritiesIn Depth Samuel L. Jackson will be first star to lend voice to Amazon’s new artificial intelligence feature
-
Why is the BBC launching a voice assistant?In Depth ‘Beeb’ will focus on regional accent recognition to stand out from Amazon’s Alexa and Google Assistant
-
France’s new digital tax explainedSpeed Read 3% levy on revenue of big tech firms like Google and Facebook faces stiff opposition from Washington
