Vulnerabilities in the popular Amazon Echo smart speaker have been exploited by a professional hacker to transform the device into something altogether more sinister, allowing those with sinister intentions to turn the household gadgets into covert microphones and more.
Security researcher Mark Barnes found that the continuous audio stream the device is designed to listen into can be relayed to an attacker, made possible by accessing the hardware inside via connections underneath.
Barnes achieved the device takeover by removing the rubber base to expose electrical contacts, allowing him to work out the boot-up procedure and configuration employed – opening a door to wresting control by attaching custom software loaded on a memory card connected to a contact pad.
While not commenting directly on the vulnerability Amazon did say: “To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date.”
While the vulnerability does require physical access to an Echo, Barnes warned that second-hand devices and Echos left unattended while on holiday or business trips, could all potentially be at risk.
The treasure trove of data being amassed by Amazon's Alexa voice assistant and Echo speaker has been cited by WPP's Sorrell as the leading edge of a new data-driven threat to the established order in advertising.