Turning an Amazon Echo into an Eavesdropping Device
For once, the real story isn’t as bad as it seems. A researcher has figured out how to install malware onto an Echo that causes it to stream audio back to a remote controller, but:
The technique requires gaining physical access to the target Echo, and it works only on devices sold before 2017. But there’s no software fix for older units, Barnes warns, and the attack can be performed without leaving any sign of hardware intrusion.
The way to implement this attack is by intercepting the Echo before it arrives at the target location. But if you can do that, there are a lot of other things you can do. So while this is a vulnerability that needs to be fixed—and seems to have inadvertently been fixed—it’s not a cause for alarm.
firsttimeforeverything • August 10, 2017 2:31 PM
Seems like this would be a pretty big concern for individuals that buy used electronics. I haven’t looked up how big the market is for a used Echo, but just Ebay has 311 results when I searched for “used amazon echo”. I’d be very worried someone could just purchase an Echo, install the malware, and then sell it at a discount used and spy/collect data that way. Like you said, this would just be one thing on a checklist of modifications one could do in this situation. Not a fan.