Amazon Echo vulnerable to wiretap hack

Alexa may not be the only one listening in to what is being said within range of Amazon Echo devices, it has emerged.

Cyber security experts MWR identified hardware in the 2015 and 2016 editions of Amazon Echo that leave the devices vulnerable to hackers. This hack allows cyber criminals to listen in not just to what is being said directly to the device, but everything that is said within its vicinity – thanks to the ‘always on’ nature of the Echo microphone.

Arguably the most worrying development, as far as users are concerned, is that this hack has no impact on the functionality of Echo devices. As such, users won’t ever be aware that their device has been hacked, as it will continue to work as normal.

This hack cannot be achieved remotely

However, there is one major stumbling block for any would-be hackers wanting to try this out for themselves – it cannot be done remotely. To wiretap the Echo, hackers must first get hold of it, then remove the rubber base in to access its debug pads. After this, it’s a relatively simple case of installing an external SD card from which to boot the device. Only then, once this external SD card has been installed, are hackers then able to remotely control the device and load the malware needed to spy on what is being said.

Beware second-hand devices and public access

Though it’s unlikely that domestic users are at risk of being hacked (because of the access issue), there are other concerns. For example, it’s something to bear in mind for anyone buying an Echo second-hand, or using one in a public space (such as a hotel room, where they are becoming increasingly popular).

It’s good news for anyone with a 2017 model, though, as these aren’t vulnerable to the same attack. To check whether your device is susceptible, take a look at the model number. You’re secure if it ends in 02. If not, you may want to be careful about who you allow to get in contact with your device, or what you say around it.