Posted on 08/01/2017 8:10:07 PM PDT by BenLurkin
Hackers have figured out how to turn an Amazon Echo into a live microphone. First reported by Wired, the attack requires physical access to the device, is limited to pre-2017 Echoes, and would be difficult to deploy at scale. But when successful, it would allow hackers to pull a live feed of all audio within range of the device, even if the wake word hasn’t been said. The method could also allow hackers to remotely retrieve authentication tokens and other sensitive data from the device.
Researcher Mark Barnes laid out the attack in a blog post earlier today. In simple terms, Barnes’ method compromises the device by booting from an inserted SD card — similar to a LiveCD — and uses that access to rewrite the Echo’s firmware. Once the firmware is rewritten, the hacked Echo can send all audio captured by the microphone to a third party, remaining compromised even after the SD card is removed. "Echo devices made before 2017 could remain vulnerable indefinitely"
“Customer trust is very important to us,” Amazon said in a statement. “To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date.”
Barnes’ attack only works on the 2015 and 2016 versions of the Echo. The 2017 model makes an internal hardware change that prevents an SD card from operating as an SPI peripheral, a crucial element of the hack. Without moving into SPI mode, the Echo can’t boot directly from the SD card, leaving no way to execute the attack.
(Excerpt) Read more at theverge.com ...
I turned speakers into microphones 50 years ago.
Meh...
This is why I don’t have spy devices in my home.
Besiides, the hackers interfere with Amazon listening all the timd, and transcribing every word to searchable text.
What is an Amazon Echo?
Good point... any speaker plugged into a mic jack becomes a microphone.
Anything with a mic can be turned into a bug. It was just hardervwith hardwired phones and the like.
True, but why would anyone do that?
Well duh, if someone has physical access to your home, they can plant listening devices...
Same mechanical make-up. A coil and a magnet. Same as an electric motor.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.