Is Your Echo Flex Listening?

We are always surprised that Amazon or Google doesn’t employ Kelsey Grammer — TV’s Frasier — as a spokesman for their smart home devices. After all, his catchphrase was, “I’m listening…” Maybe they don’t want to remind you that the device could, theoretically, be sending everything you say to them or a nefarious hacker or government agency. Sure, there’s a mute button and it lights up a red LED.

But if you are truly paranoid, that’s not enough. After all, the same people want to eavesdrop on you would be happy to fake a red light. [Electronupdate] had the same thought and decided to answer the question: does the mute button really mute your microphone? The answer required not only some case opening and analysis, but there was even some IC decapsulation.

We were impressed with the depth of the analysis. The tiny SMD parts are marked confusingly, and if you are really paranoid you don’t believe them anyway. But looking at the actual circuit die is pretty unambiguous. The  parts in question turned out to be a Schmitt trigger, a flip flop, and a NAND gate.

In the end, it appears that the red mute light comes on when the microphone has no power. So it looks like the mute button is real. The comments are already speculating ways that a spy could listen in even with the red light on — or at least appearing on, but it isn’t clear that would really be possible.

Tearing down home assistants is a common practice. If you think a device like this can’t be coopted, think again.

42 thoughts on “Is Your Echo Flex Listening?

  1. What? So the RED LIGHT means it is NOT LISTENING?

    That’s the opposite of what everybody else has been doing for years, with videocams, and even the webcams of today, turning on a light when they are ON, not when they are off!

    1. I guess it depends what you consider the default state of the device should be, and whether you want it to be obvious that there’s a thing working or not working. I’ve seen plenty of televisions that show a red light when they’re in standby. Often security cameras will show a light to indicate they’re on, and fake cameras often imitate that so in that case it means nothing.

    2. The devices default to “blue” for listening and “red” for not listening. So there isn’t an apples-to-apples similarity between it and a webcam where “no light” = “not watching” and “red light” = “watching”.

    3. Let’s be honest, given that the whole selling point of all these devices is “listening to your every word”, a red light indicating that it’s no longer doing that isn’t so bad.

      It still mystifies me that anyone allows these things into their homes, never mind actively paying for them.

  2. Well, if you look up how much information is collected daily by tech. companies you might be amazed. They are essentially trying to record reality in real time on a server farm somewhere, this is why some are try I g to sink server farms in a cold ocean somewhere to cool said farms, as these server farms require Huge amount of power to maintain, like all the time, which is another issue all together, but I digress. Anyway, one of the issues I could see with collecting all this information, which they may not have sufficiently developed AI to sift through all said information to some amount of usefulness yet, is redundancy in information collected. If one is having issues with volume and ability to sift through said volume, I would expect you wouldn’t want to sift through the same information over and over again, thusly wasting all sorts of resources, as more than not of ‘smart tech’ as a whole is already recording whatever it hears, or sees in some cases. How many items in todays average home is recording something or another for some purpose or another? Mute this thing, no worries, there are three more recording the same thing. If everthing had a mute button that worked, then ok, hiwever we know this isn’t the case. There is more, but why.

    1. Microsoft is right in there with spying…errrrrr data collecting. Windows 10’s settings for “diagnostic” and “user experience” retrieval is more Big Brother than people know. Also convincing users that they have to have a Microsoft account to login to their computers is deceptive. A local account can be set up easily. So be aware….your Alexa and Google Home are not the only ones keeping an eye…or ear on you. Oh and don’t throw down the tired phrase… that’s why I have an Apple computer….they are sneakier and have been doing it longer.

      1. Very well said and the most overlooked data collection company. The only thing I have to add to all this is that I cannot remember what I was originally searching for. 😂

      2. I think I recall reading some outrage or another about MicroSoft keylogging back in the 90’s (?). If that were true, this makes MicroSoft the grandfather of all these shenanigans of today. I don’t think all this snooping to some, data collection to others is new by any stretch (nit saying you said otherwise). Inthink the difference between today and yesteryear is that this data collection is baked into the internet now, for your average user, where it wasn’t so invasive in days past.

      1. What? You think it’s cheaper to make and maintain a capsule that can survive years being submersed in salty water, getting power and data connections to it then lowering it down to the ocean bottom? And then leaving it there so any maintenance requires bringing it back up again?

        Cheaper to do that than to rent some old warehouse somewhere? Land isn’t that expensive! Besides, if you are already talking about having to bring connectivity to the location (I don’t think Sponge Bob is sharing his internet connection) why not build outside the city where land is cheaper?

        No. Power not land price is the reason. But it’s not because it’s easier to get power IN to an underwater data center. It’s because it’s easier to get power OUT. All that power a computer (or any other device) uses ends up as heat. Fail to remove the heat and your computer cooks itself to death. That heat must be driven away, traditionally with fans and air conditioners that require even more power to run.

        Sea water is usually cooler and always denser than air so it can remove the waste heat much more efficiently than air can. That’s the advantage to building a data center underwater. It cuts the air conditioning bill.

          1. Cost is in watts, sure they are ‘saving watts’ by sinking it. Anyway one cut’s it, this is a huge waste of resources simply to record what is essentially reality for some purpose or another, of which we don’t really know what happens to that information beyond it is worth it to tech to capture it at cost, store it indefinately at cost, secure it at cost. It is like gold to them, I would like to know why and how, as the reason of showing me targeted ads is wearing out.

  3. Since you are being paranoid, they could disguise the real spying microphone as some other part, then leave a secondary one in plain sight, to misguide those few that would inspect the appliance and/or remove the microphone.

  4. The mute button might be very real, in the sense that an active microphone with no power is highly muted in output signal. The real question this raises for those paranoid enough to care, but stupid enough to still have the device is does the signal drop enough that it really isn’t able to listen at all.

    I’ve used a powered studio mic with no power without noticing before – if there’s any auto volume or easy volume slider to correct when the mic signal is low, so you probably get more noise, but it still works just fine. I’d expect these surface mount mics to be the same, though because of their much smaller size its possible they are not able to produce a useable signal with no power. Its not something I’ve ever looked into.

    1. These are not just “amplified microphones”. The output signal from them are completely digital. There are a lot of circuitry in them. Just search for “digital mems microphone”. If you look closer there are two signal wires coming out from the mic. One is clock, the other one is the data. So if you kill power then these are “muted”, as nothing powers the internal ADC.

      One can argue that it is possible to power them through the clock pin, but I’m not sure if that would work.

      1. Not all MEMs are digital output, and as far as I am aware digital is actually rarer, I don’t think anything I’ve ever played with had one – and I didn’t see anything saying this one categorically is digital anyway – if your in the paranoid camp a package with enough pins could be something other than what its casing claims – just because it looks to you like a digital output in layout and case label doesn’t stop it being something else entirely…

  5. I was watching a comedy movie one night and one of the characters said “..you really need to have sex” . I heard a voice in my kitchen (my Lenovo Google Home) say…” I’m sorry I can’t help you with that..” 😆😆😆😆😆😆😆

  6. I really just want a way that works to sniff my personal Alexa traffic (even if i have to enable some dev mode on the device itself), I’ve tried several MITM methods and none have done much more than make the device/app stop communicating all together…

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.