Is your friendly Amazon Echo serving your every whim and need – or is it spying on you? A British researcher has found a simple way of using malware and an SD card to convert an innocent speaker into a secret bugging device. In a time where voice-activated digital assistants are becoming more ubiquitous at home, work and even in hotels and other public spaces, this is a risk worth assessing.
Admittedly this vulnerability only applies to pre-2017 Echoes, involves a lot of soldering and lacks subterfuge due to the suspicious-looking wires protruding from its base, but it would not be hard to produce a less detectable version – allowing an attacker to hijack its microphone and siphon off its audio. More damagingly, it could deposit ransomware or steal the owner’s Amazon account.
Amazon has now rectified this glitch. It is also advising customers to only buy Echoes through official Amazon outlets, rather than off the back of a lorry. The researcher also has a couple of useful tips for anyone using an old Echo who doesn’t want their private conversations splashed all over WikiLeaks – either press the mute button or, better still, turn it off altogether.