Flaw in Amazon Echo could allow criminals to listen in
A SECURITY flaw in the Amazon Echo smart speaker may have allowed criminals to eavesdrop on private conversations at home, researchers have found.
The always-listening Amazon Echo, which retails at £90, is the most popular smart speaker in the UK, making up three quarters of the market.
There have been persistent concerns that the devices could be used to spy on users.
Researchers at Chinese tech giant Tencent confirmed these fears at a recent security conference by demonstrating how a doctored Echo speaker can be used to gain access to other Echo devices. Not only could this allow criminals to spy on private conversations, but it could also let them take over the device and play random sounds to terrify users.
The researchers subsequently notified Amazon of the vulnerability, and the company issued a patch in July so the flaw has now been rectified.
The hack involved removing the flash memory chip on an Echo speaker, modifying it and then soldering it back into place. The modified version of the smart speaker could then hack into other Amazon Echos after connecting to the same local area network (LAN), claimed Tencent researchers Wu Huiyu and Qian Wenxiang.
The vulnerability was revealed at an annual conference for hackers, called DEF CON. This is not the first time that Amazon’s smart speakers have prompted security concerns.
‘In May, a woman had her private conversation with her husband recorded by their Amazon Alexa’
In May, a woman had her private conversation with her husband recorded by their Amazon Alexa and sent to a friend by email without their knowledge. Amazon said the smart speaker had misinterpreted the conversation as a set of demands.
An Amazon spokesman said: “We take security seriously. This issue would have required a malicious actor to have physical access to a customer’s device and the ability to modify the device hardware.”