It is an inevitability that following swiftly on the heels of the release of a new device there will be an announcement of its rooting, reverse engineering, or other revealing of its hackability. Now the device in question is the Amazon Echo, as MWR Labs announce their work in persuading an Echo to yield the live audio from the microphone and turn the voice assistant device into a covert listening device.
The work hinges on a previous discovery and reverse engineering (PDF) of Amazon’s debug connector on the base of the Echo, which exposes both an SD card interface and a serial terminal. Following that work, they were able to gain root access to the device, analyze the structure of the audio buffers and how the different Echo processes use them, and run Amazon’s own “shmbuf_tool” application to pipe raw audio data to a network stream. Astoundingly this could be done without compromising the normal operation of the device.
It should be stressed, that this is an exploit that requires physical access to the device and a bit of knowledge to perform. But it’s not inconceivable that it could be made into a near-automated process requiring only a device with a set of pogo pins to be mated with an Echo that has had its cover quickly removed.
That said, inevitably there will be enough unused Echos floating around before too long that their rootability will make them useful to people in our community. We look forward to what interesting projects people come up with using rooted Echos.
This isn’t the first time we’ve covered the use of an Echo as a listening device.
Via Hacker News.
Amazon Echo image: FASTILY [CC BY-SA 4.0].
31 thoughts on “The Amazon Echo As A Listening Device”
“It should be stressed, that this is an exploit that requires physical access to the device and a bit of knowledge to perform. But it’s not inconceivable that it could be made into a near-automated process requiring only a device with a set of pogo pins to be mated with an Echo that has had its cover quickly removed.”
So not only should we avoid USB drives left in the parking lot, but Echoes as well?
Maybe rather one should avoid cheap used Echos found online. :)
And watch out for those tech-savvy maids and babysitters ;)
Why exactly is everyone running this news as some potential attack against users and not simply reporting that someone managed to root the echo?
It certainly isn’t an attack on user privacy as any would be bad actor that could access and remove the cover of your Echo could just plant a stand alone bug, install taps in network lines, inline hardware key loggers, or just steal your wallet.
If anything this will allow an INCREASE in user privacy as they can gain root access themselves and make sure off is *really* off.
People interested in user privacy wont buy one in the first place.
Amen Yes! It’s like adding a new front door to the house, screen only, and no lock.
Because it has a microphone, it’s scaaaaaaaaaary
It is “abuse-able”…. therefore it will be.
Why should he plant another (standalone) bug, which needs power, when you already bought a bug (your ECHO) for him and installed it in your living room, conveniently waiting for activation?
Of course it is good to know, what’s possible and that you can (potentially) root your device. But first hand, I just would not buy such a device.
I’d love to here about someone getting one of the open source assistant projects like Mycroft or Jasper running on the Echo. I imagine the price of the hardware is quite subsidized compared to what you’d need to make a similarly capable setup.
For people who say this isn’t a hack: turning an overt listening device into a covert listening device is quite the feat. Especially since they managed to do it without interfering with the overt part. Imagine… getting suspicious that someone is always listening because suddenly Amazon isn’t. Ha!
You made a mistake in your first paragraph; I fixed it for you:
You made a mistake in your first paragraph; I fixed it for you:
+1, Nothing like killing privacy with a device that already kills privacy ;)
Time to throw away the cell phone. ;-)
As well as your laptop; all laptops that I’ve ever seen have microphones built in. It’s trivial to install hidden spyware in Windows and macOS (even remotely via phishing links or evil browser plugins) and those OSes are on ~94% of the laptops in use today.
My laptop _had_ a microphone built in.
You say trivial, I say good luck.
It’d be a cool hack though.
“Nothing like killing privacy with a device that already kills privacy.”
The voluntarily self-installed “1984” you pay for out of your own pocket. F’ing brilliant…
Oh my god. You can turn a listening device into a listening device!
Who would have expected that?
You’re All Idiots
by Karl Denninger
Jesus, Bezos believes you’re a complete, ****ing idiot.
Amazon has introduced a “new” Echo device. Having convinced a number of people to allow them to stick an always on speaker and microphone in their house with the data going to Amazon and whoever else they wish, they have now upped the game with both a camera and screen.
Gee, that’s real nice. A camera and microphone inexorably tied to and controlled by a big company in your house where it can and will transmit both audio and video under their, not your, control.
If I see one of these in your house I know for a fact that you’re stupid — and I’m immediately leaving, never to return.
It was inevitable as marketers and companies want feedback from their devices. We give up privacy for innovation.
Problem is it’s not THEIR device.
I am my father’s son. This does not connote ownership.
Right of first sale connotes the device is mine.
My android phone already sends my speech to advertisers, so this can’t be this much worse.
Correct me if I’m wrong, but the microphone power connection is tied into the LED ring? You can still hit the mute button on top of the echo and the red LED ring will light up and the microphone is disabled.
Correct me if I’m wrong, but the microphone mute button is hardwired with the red LED ring in a way that the microphone and the red LED’s can’t both be on at the same time.
Wrong, that’s only tied to a microcontroller pin for when it recognises “alexa” out of all the myriad words it picks up and sends to Amazon for processing.
This is very interesting
Please be kind and respectful to help make the comments section excellent. (Comment Policy)