Security researchers from China will present their hack of the Amazon Echo, which turns it into a spying device, at the DEFCON event in Las Vegas.
Wu Huiyu and Qian Wenxiang, who work at Tencent, disclosed their discovery to Amazon which issued a patch, Wired reported.
According to the report, the researchers had to exploit several bugs for the attack to work. Their technique also requires that they have access to the same Wi-Fi network as the Amazon Echo.
To take over an Echo, the researchers disassembled it and wrote custom firmware to the device’s flash chip – which they had to remove and re-solder to the Echo’s motherboard.
They then used a chain of vulnerabilities in the Alexa web interface, all of which Amazon has subsequently patched: cross-site scripting, URL redirection, and HTTPS downgrade attacks. This allowed them to link the hacked Echo with their target’s Amazon account.
Once on the same network as their target device, the attackers exploited the Whole Home Audio Daemon, a software component in the Echo which lets devices communicate with one another.
The daemon contained a vulnerability which allowed them to take over the target speaker with their hacked Echo.
While their attack is limited, the report stated it demonstrates an issue with smart speakers that security researchers have warned about.