Do you own an Amazon Echo? If so, you are one of millions of people who enjoy the benefits of the virtual assistant, who can answer questions, help you with phone calls and even run some smart appliances in your home.
While its ability to do so much and really integrate itself into our lives is a nice benefit, it also makes the Echo a prime target for cybercriminals. Just think about how much your Echo knows about you and can access, and then consider what would happen if the wrong person accessed it or gained control over it.
That's not something that has been an issue up to this point, as there has been no discovery of Echo-related malware. But that's not to say it can't happen and in fact, some Chinese hackers have apparently figured out a way to break in.
The good news it's not an easy hack
As far as hacks go, this one requires a good amount of effort. The method, which was created by the Blade team of security researchers at a Chinese tech firm Tencent, took months to develop.
Even still it's not exactly a full-blown takeover of the device.
However it is, at least for now, the closest thing to showing that yes, the devices that are in so many homes could be turned against their owners. In this case, the hack pieces together a series of bugs in the second-generation Echo to eventually force it to stream audio from the microphone to a remote attacker.
There would be nothing that alerts anyone to the hack, with no sign that the device has been at all compromised.
Fear not, though
The hack was discussed at the DefCon security conference in Nevada, and the people behind it already alerted Amazon to what they found. The company released security fixes in July, which should help even if it was not likely anyone would really be able to pull this off.
To break into the Echo and turn it into a spy required plenty of skill, including the ability to mess with hardware, as well as access to the Echo's Wi-Fi network. What did they have to do?
The hackers took their Echo and removed its flash chip, which they then wrote some firmware into. They re-soldered the chip back into the Echo's motherboard, which turned their speaker into a tool for attacking other Echoes.
From there, taking advantage of multiple web vulnerabilities in the Alexa interface on Amazon.com -- vulnerabilities that required cross-site scripting, URL redirection and HTTPS downgrade attacks -- they were able to link their hacked Echo with a targeted user's Amazon account.
With that, as long as they are able to get their Echo onto the same Wi-Fi network as the device they are trying to access they can take advantage of a software component regarding the Echo's speakers that allows it to communicate with other Echoes on the same network.
Finally, that would give the hackers the chance to take full control over the other Echo, allowing them to make use of it or even turn it into a recording device.
Assuming most hackers don't have that kind of talent or even patience, your Echo is probably safe. As long as the hackers cannot access your Echo's network it will be alright and besides, Amazon said there is no need to take any action regarding this since their device has been automatically updated with fixes.
That said, this does show that it is possible and if nothing else is a sign that this is something that will likely have to be dealt with in the future.
Make sure your smart home is secure
Here's 7 ways to hack-proof your smartphone to keep your data safe
Knowing that pretty much everyone is after our personal information, it's a good idea to take safety precautions. That's why it's important for you to know these seven ways to hack-proof your smartphone to keep your data safe. Tap or click here for some tips.