How to Make Amazon Echo Control Fake WeMo Devices

[Chris] has been playing with the Amazon Echo. It’s sort of like having Siri or Google Now available as part of your home, but with built-in support for certain other home automation appliances like those from Belkin WeMo and Philips. The problem was [Chris] didn’t want to be limited to only those brands. He had other home automation gear that he felt should work with Amazon Echo, but didn’t. That’s when he came up with the clever idea to just emulate one of the supported platforms.

The WeMo devices use UPnP to perform certain functions over the network. [Chris] wanted to see how these communications actually worked, so he fired up his laptop and put his WiFi adapter into monitor mode. Then he used Wireshark to start collecting packets. He found that the device detection function starts out with the Echo searching for WeMo devices using UPnP. The device then responds to the Echo with the device’s URL using HTTP over UDP. The Echo then requests the device’s description using that HTTP URL. The description is then returned as an HTTP response.

The actual “on/off” functionality of the WeMo devices is simpler since the Echo already knows about the device. The Echo simply connects to the WeMo over the HTTP interface and issues a “SetBinaryState” command. The WeMo then obliges and returns a confirmation via HTTP.

WeMo Echo
How Echo Communicates with WeMo Devices

[Steve] was able to use this information to set up his own WeMo “virtual cloud”. Each virtual device would have its own IP address. They would also need to have a listener for UDP broadcasts as well as an HTTP listener running on the WeMo port 49153. Each virtual device would also need to be able to respond to the UPnP discovery requests and the “on/off” commands.

[Chris] used a Linux server, creating a new virtual Ethernet interface for each virtual WeMo switch. A single Python script runs the WeMo emulation, listening for the UPnP broadcast and sending a different response for each virtual device. Part of the response includes the device’s “friendly name”, which is what the Echo listens for when the user says voice commands. Since the virtual WeMo devices are free, this allows [Chris] to make multiple phrases for each device. So rather than be limited to “television”, he can also make a separate device for “TV” that performs the same function. [Chris] is also no longer limited to only specific brands of home automation gear.

There’s still a long way to go in hacking this device. There’s a lot of hardware under the hood to work with. Has anyone else gotten their hands (and bench tools) on one of these?

Ask Hackaday: Is Amazon Echo the Future of Home Automation?

Unless you’ve been living under a case of 1 farad capacitors, you’ve heard of the Amazon Echo. Roughly the size of two cans of beans, the Echo packs quite a punch for such a small package. It’s powered by a Texas Instrument DM3725 processor riding on 256 megs of RAM and 4 gigs of SanDisk iNAND ultra flash memory. Qualcomm Atheros takes care of the WiFi and Bluetooth, and various TI chips take care of the audio codecs and amplifiers.

What’s unique about Echo is its amazing voice recognition. While the “brains” of the Echo exist somewhere on the Internets, the hardware for this circuitry is straight forward. Seven, yes seven microphones are positioned around the top of the device. They feed into four Texas Instrument 92dB SNR low-power stereo ADCs. The hardware and software make for a very capable voice recognition that works from anywhere in the room. For the output sound, two speakers are utilized – a woofer and a tweeter. They’re both powered via a TI 15 watts class D amplifier. Check out this full tear down for more details of the hardware.

circuit board

Now that we have a good idea of the hardware, we have to accept the bad news that this is a closed source device. While we’ve seen other hacks where people poll the to-do list through the unofficial API, it still leaves a lot to be desired. For instance, the wake word, or the word which signals the Echo to start listening to commands, is either “Alexa” or “Amazon”. There is no other way to change this, even though it should be easily doable in the software. It should be obvious that people will want to call it “Computer” or “Jarvis”. But do not fret my hacker friends, for I have good news!

It appears that Amazon sees (or had seen all along) that home automation is the future of the Echo. They now officially support Philips Hue and Belkin WeMo gadgets. The Belkin WeMo, which is no stranger to the hacker’s workbench, has a good handle on home automation already, making the ability to control things in your house with the Echo tantalizingly close. See the video below where I test it out. Now, if you’re not excited yet, you haven’t heard of the WeMo Maker, a device which they claim will let you “Control nearly any low-voltage electronics device“. While the WeMo Maker is not supported as of yet, it surely will be in the near future.

We know it sucks that all of this is closed source. But it sure is cool! So here’s the question: Is the Echo the future of home automation? Sure, it has its obvious flaws, and one would think home automation is not exactly Amazon’s most direct business model (they just want you to buy stuff). However, it works very well as a home automation core. Possibility better than anything out there right now – both closed and open source.

Do you think Amazon would ever open the door to letting the Echo run open source modules which allow the community to add control of just about any wireless devices? Do you think that doing so would crown Amazon the king of home automation in the years to come?

Continue reading “Ask Hackaday: Is Amazon Echo the Future of Home Automation?”

Turning the Belkin WeMo into a deathtrap

The Belkin WeMo is a small, WiFi connected outlet controlled by a mobile device that adds Internet control to a desk lamp, coffee maker, or, if you’re feeling daring, your home server. It’s an interesting device, but of course there are a few security implications of having your electric kettle connected to the Internet. [Daniel] was able to get root on his Belkin WeMo and with full control of his Internet-connected outlet was able to turn it into a deathtrap.

[Daniel] says his exploit could be developed into a virus that will scan for WeMo devices. Once these Internet-connected devices are found, it’s easy to turn these devices on and off really fast; something not too dangerous for a desk lamp, but potentially lethal if it’s plugged into a space heater.

In the video after the break, you can see [Daniel] exploiting the WeMo with a flaw in its UPnP implementation. There’s footage of his terminal hacking and of his desk lamp being turned on and off really fast, something that could be very dangerous for higher current devices.

Continue reading “Turning the Belkin WeMo into a deathtrap”