Hackers Illustrate Trick That Turns Amazon Echo And All Smart Speakers Into Spy Bugs

Amazon was swift to respond to the Defcon hacking conference demonstration, updating all devices with the necessary corresponding security fixes.

Amazon Echo users may be used to reading some strange news about their beloved devices. In the past, the hands-free speakers have freaked people out by randomly laughing, standing in as the key witness to a murder and even autonomously recording and sending private conversations.

A 007-worthy hack

Now, the cybersecurity research division of Chinese internet giant Tencent, called Tencent Blade Team, has just illustrated a hack that can turn these Internet of Things (IoT) devices into spy bugs. The trick, that applies to all smart speakers, was presented on Sunday at this year's Defcon hacking conference.

"In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products," reads Tencent Blade Team's Defcon entry. "However, with the smart speakers coming into more and more homes, and the function becoming more powerful, its security has been questioned by many people."

Tencent's cybersecurity team goes on to explain that the public's concerns regarding the hacking of smart speakers, in order to invade their privacy or worse, are indeed valid. To illustrate their point, they presented a demonstration where they used Amazon Echo's multiple vulnerabilities to eavesdrop on users' conversation and even record them, completely undetected.

Making the internet safer for everyone

The presentation was led by security researchers Wu HuiYu and Qian Wenxiang who later took to Twitter to share publicly Defcon's media server featuring their slides and videos as well as the GitHub code to access them. Wenxiang thanked viewers for their support and said his firm would continue to do the work needed to make smart devices more secure.

According to Tencent's Blade Team webpage, the division "has reported more than 70 security vulnerabilities to a large number of international manufacturers, including Google and Apple." The team states their goal is to make the "Internet a safer place for everyone."

News

Woman Claims Alexa Recorded Private Conversation and Sent it to People

Amazon was quick to respond to several media outlets assuring Echo users that their devices' have been automatically updated with the appropriate security fixes to address this issue. The firm had the same swift reaction last April when security software company Checkmarx pointed out another potential threat in Alexa.

Amazon’s research and development team Lab126 even worked with Checkmarx to implement the necessary changes and upgrades. It is good to know that both retailers and security firms are working together to safeguard our privacy.

Via: Defcon