Root, On An Amazon Echo Dot

The Amazon Echo has become an indispensable device for many people unconcerned by its privacy implications. It’s easy to forget that it’s not quite a new product anymore, with the oldest examples now long in the tooth enough to no longer receive security updates. A surprise is that far from being mere clients to Amazon cloud services, they in fact run a version of Android. This makes old dots interesting to experimenters, but first is it possible to gain root access? [Daniel B] has managed it, on a second-generation Echo Dot.

In a sense, this is nothing new, as root has previously been achieved on an Echo Dot through means of a patched kernel. Echo devices use a chain of trust boot process in which each successive step must verify the Amazon signing of the previous one. The kernel patch method breaks the ability to reboot the device with root access. [Daniel’s] method bypasses that chain of trust by using a custom pre-loader injected over USB through an exploit.

As an example, [Daniel] created a web server on his Dot, which can serve audio captured by the device. Don’t panic just yet — an analysis of the other security features suggests that this is not the dangerous exploit it might seem. It does however open up these powerful but now pretty cheap devices as potentially usable for other purposes, which can only be a good thing.

We’ve previously brought you [Daniel]’s work freeing the WiFi details from a Dot.

A man next to a robot with animatronic eyes and a CRT display showing an audio waveform

Animatronic Alexa Gives Amazon’s Echo A Face

Today, we’re surrounded by talking computers and clever AI systems that a few decades ago only existed in science fiction. But they definitely looked different back then: instead of a disembodied voice like ChatGPT, classic sci-fi movies typically featured robots that had something resembling a human body, with an actual face you could talk to. [Thomas] over at Workshop Nation thought this human touch was missing from his Amazon Echo, and therefore set out to give Alexa a face in a project he christened Alexatron.

The basic idea was to design a device that would somehow make the Echo’s voice visible and, at the same time, provide a pair of eyes that move in a lifelike manner. For the voice, [Thomas] decided to use the CRT from a small black-and-white TV. By hooking up the Echo’s audio signal to the TV’s vertical deflection circuitry, he turned it into a rudimentary oscilloscope that shows Alexa’s waveform in real time. An acrylic enclosure shields the CRT’s high voltage while keeping everything inside clearly visible.

To complete the face, [Thomas] made a pair of animatronic eyes according to a design by [Will Cogley]. Consisting of just a handful of 3D-printed parts and six servos, it forms a pair of eyes that can move in all directions and blink just like a real person. Thanks to a “person sensor,” which is basically a smart camera that detects faces, the eyes will automatically follow anyone standing in front of the system. The eyes are closed when the system is dormant, but they will open and start looking for faces nearby when the Echo hears its wake word, just like a human or animal responds to its name.

The end result absolutely looks the part: we especially like the eye tracking feature, which gives it that human-like appearance that [Thomas] was aiming for. He isn’t the first person trying to give Alexa a face, though: there are already cute Furbys and creepy bunnies powered by Amazon’s AI, and we’ve even seen Alexa hooked up to an animatronic fish.

Continue reading “Animatronic Alexa Gives Amazon’s Echo A Face”

Photo of the Echo Dot PCB, highlighting the capacitor that needs to be shorted out for the exploit to work

Squeezing Secrets Out Of An Amazon Echo Dot

As we have seen time and time again, not every device stores our sensitive data in a respectful manner. Some of them send our personal data out to third parties, even! Today’s case is not a mythical one, however — it’s a jellybean Amazon Echo Dot, and [Daniel B] shows how to make it spill your WiFi secrets with a bit of a hardware nudge.

There’s been exploits for Amazon devices with the same CPU, so to save time, [Daniel] started by porting an old Amazon Fire exploit to the Echo Dot. This exploit requires tactically applying a piece of tin foil to a capacitor on the flash chip power rail, and it forces the Echo to surrender the contents of its entire filesystem, ripe for analysis. Immediately, [Daniel] found out that the Echo keeps your WiFi passwords in plain text, as well as API keys to some of the Amazon-tied services.

Found an old Echo Dot at a garage sale or on eBay? There might just be a WiFi password and a few API keys ripe for the taking, and who knows what other kinds of data it might hold. From Amazon service authentication keys to voice recognition models and maybe even voice recordings, it sounds like getting an Echo to spill your secrets isn’t all that hard.

We’ve seen an Echo hijacked into an always-on microphone before, also through physical access in the same vein, so perhaps we all should take care to keep our Echoes in a secure spot. Luckily, adding a hardware mute switch to Amazon’s popular surveillance device isn’t all that hard. Though that won’t keep your burned out smart bulbs from leaking your WiFi credentials.

This Week In Security: Ransomware, WeLock, And Amazon Arbitration

Another week of ransomware, and this time it’s the beef market that’s been shut down, due to a crippling infrastructure attack out of Russia — but hold up, it’s not that simple. Let’s cover the facts. Some time on Sunday, May 30, JBS USA discovered a ransomware attack against their systems. It seems that their response team did exceptionally well, pulling the plug on affected machines, and starting recovery right away. By Wednesday, it was reported that most of their operations were back in action.
Continue reading “This Week In Security: Ransomware, WeLock, And Amazon Arbitration”

PSA: Amazon Sidewalk Rolls Out June 8th

Whether you own any Amazon surveillance devices or not, we know how much you value your privacy. So consider this your friendly reminder that Amazon Sidewalk is going live in a few weeks, on June 8th. A rather long list of devices have this setting enabled by default, so if you haven’t done so already, here’s how to turn it off.

Don’t know what we’re talking about? Our own Jenny List covered the topic quite concretely a few months back. The idea behind it seems innocent enough on the surface — extend notoriously spotty Wi-Fi connectivity to devices on the outer bounds of the router’s reach, using Bluetooth and LoRa to talk between devices and share bandwidth. Essentially, when Amazon flips the switch in a few weeks, their entire fleet of opt-in-by-default devices will assume a kind of Borg hive-mind in that they’ll be able to share connectivity.

A comprehensive list of Sidewalk devices includes: Ring Floodlight Cam (2019), Ring Spotlight Cam Wired (2019), Ring Spotlight Cam Mount (2019), Echo (3rd Gen), Echo (4th Gen), Echo Dot (3rd Gen), Echo Dot (4th Gen), Echo Dot (3rd Gen) for Kids, Echo Dot (4th Gen) for Kids, Echo Dot with Clock (3rd Gen), Echo Dot with Clock (4th Gen), Echo Plus (1st Gen), Echo Plus (2nd Gen), Echo Show (1st Gen), Echo Show (2nd Gen), Echo Show 5, Echo Show 8, Echo Show 10, Echo Spot, Echo Studio, Echo Input, Echo Flex. — Amazon Sidewalk FAQ

Now this isn’t a private mesh network in your castle, it’s every device in the kingdom. So don’t hesitate, don’t wait, or it will be too late. Grab all your Things and opt-out if you don’t want your doorbell cam or Alexa machine on the party line. If you have the Alexa app, you can allegedly opt out on all your devices at once.

Worried that Alexa is listening to you more often than she lets on? You’re probably right.

Taking A Peek Inside The Newest Echo Show 10

When Amazon released the original Echo, it was a pretty simple affair. Cylinder, some LEDs on top, done. Then they came out with the Echo Dot, which was basically the same thing, but shorter. It seemed like there was a pretty clear theme for awhile, but then at some point Amazon decided it would be a good idea to start producing Echo devices in every form factor imaginable, from wall plugs to literal sunglasses, and things got a lot more complicated. As a perfect example, take a look at this teardown of the third generation Echo Show 10 by [txyzinfo].

Granted the base still looks a bit like the Echos of old, but the family resemblance stops there. As you can probably gather from the name, the Show features a high resolution 10.1 inch LCD panel, greatly improving the number and type of advertisements Amazon is able to force on the user. In true Black Mirror fashion, there’s even a brushless motor in the base that allows the machine to rotate the display towards the user no matter how hard they try to escape.

A salvageable part if there ever was one.

The teardown is presented with no commentary; in both the video below and on the Hackaday.IO page, all you’ll find are clear and well-lit images of the device’s internals. But for those who are just interested in what the inside of one of these $250 USD gadgets looks like, that’s all you really need.

At this point, it doesn’t seem like [txyzinfo] is trying to reverse engineer the Show or figure out how it all works, and looking at the complexity of that main board, we’re not surprised. Still, it’s a marvel to look at all the hardware they packed into such a relatively small device.

If you’re looking for a more technical examination at the newer Echo devices, [Brian Dorey] did some impressive poking around on the third generation Dot in 2019 and [electronupdate] went as far as decapping a few of the chips inside the Flex. On the software side of things, check out the recent efforts to craft an open source firmware for the original Echo.

Continue reading “Taking A Peek Inside The Newest Echo Show 10”

On-Air Sign Helps Keep Your Broadcasts G-Rated

Like many of us, [Michael] needed a way to let the family know whether pants are required to enter the room — in other words, whenever a videoconference is in progress. Sure he could hang a do not disturb sign, but those are easy to forget. There’s no need to worry about forgetting to change status because this beautiful wall-mounted sign can be controlled with Alexa.

Inside the gorgeous box made from walnut, curly maple, and oak is an ESP32, some RGB LEDs, and three MOSFETs. [Michael] is using the fauxmoESP library to interface the ESP32 with Alexa, which emulates a Phillips Hue bulb for the sake of using a protocol she already knows. [Michael] can change the color and brightness percentage with voice commands.

The sign is set up as four different devices — one default, and one for each color. Since talking to Alexa isn’t always appropriate, [Michael] can also change the color of the LEDs using sliders on a website that’s served up by the ESP. Check out the full build video after the break.

Need something quick and dirty that works just as well? Our own [Bob Baddeley] made a status indicator that’s simple and effective.

Continue reading “On-Air Sign Helps Keep Your Broadcasts G-Rated”