Two security researchers from Tencent's Blade team have now revealed how they were able to use a modified Amazon Echo device to hack into and spy on other Echo smart speakers. The hack, performed by Tencent's Wu HuiYu and Qian Wenxiang, required a relatively large amount of work. For starters, the device is comparatively secure, and the pair says they needed to resolder its Flash memory chip at some point in the process. That seems to suggest that the chip was removed in order to make changes to its firmware, something the Tencent researchers say can be done with Flash chips across the gamut of what's available. The modified Echo then had to be placed on the same network as the devices it was meant to spy on, highlighting another layer of complexity and defense against this type of attack. Lastly, a number of vulnerabilities in Amazon's communication protocols and flaws in the built-in Alexa interface had to be taken advantage of, including encryption downgrades.
The biggest concern expressed by the researchers is that although high-sophistication attacks such as this are less likely to happen, they aren't out of the question. After carrying out the hack, HuiYu and Wenxiang were able to effectively take over every aspect of the Amazon Echo devices sharing the network with their modified device. That included taking control of playback on those speakers and other functionality, but also the simple task of listening in on what those devices were hearing. The latter activity would be difficult for the average user to detect under most circumstances. The team concludes that concerns about the use of a cascading chain of vulnerabilities to encroach on user privacy are valid and warrant further inspection.
Amazon has since fixed the vulnerabilities used in the hack, and it is unlikely that they were ever used in that way prior to the process being revealed. However, it does place a spotlight on how a cascade of vulnerabilities can be used to gain access to IoT devices that seem to be secure to consumers. Moreover, Amazon is now targeting the hospitality industry and Google is following close behind with its own smart devices. That means there could soon be more incentive than ever for bad actors to explore complicated methods of gaining access to those types of devices.