South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
AbacusTech

Tencent security team found a way to eavesdrop through an Amazon Echo

It’s not easy… and Amazon says the flaw has been fixed

Cybersecurity
Xinmei Shen
Xinmei Shen
Why you can trust SCMP
This article originally appeared on ABACUS
Alexa hasn’t always been the best listener. Devices running on Amazon’s voice assistant are known to have confused background noise as user commands, prompting them to laugh inappropriately -- and in one case, send a recorded private conversation to a random contact.

To be clear, Alexa wasn’t spying on anyone in those instances. But it hasn’t stopped people from wondering if it’s possible for hackers to break in and eavesdrop through these devices.

At the DefCon security conference in Las Vegas over the weekend, a team of security researchers from Tencent demonstrated a way to remotely control an Amazon Echo, directing it to quietly record and transmit audio to an attacker.   
Researchers Wu Huiyu and Qian Wenxiang presenting their research at DefCon. (Picture: Tencent Blade Team)

The Tencent Blade Team exploited software on the smart speakers that allows devices to communicate with each other. By rewriting the firmware on the flash chip, an Echo can be used to hack into other Echoes -- but only if the devices share the same Wi-Fi network.

That means it might be harder to use this hack to target average home users, whose Echoes are likely connected to a password-protected Wi-Fi network. At the same time, as Wired points out, this could leave Echoes in schools, hotels and other places with shared passwords at higher risk.
If you own an Echo, don’t worry. Amazon said it already rolled out patches in July after it was alerted to the problem by the Tencent researchers. Amazon also told Abacus that the hack would have required a malicious actor to have physical access to a device and the ability to modify the device hardware. It said users don’t need to take any action because their devices have been automatically updated with security fixes.
This isn’t the first security vulnerability discovered by the Tencent Blade Team. Earlier this year it also found bugs in Xiaomi’s AI speaker -- one of the most popular in China. Xiaomi said in June it had fixed the loopholes.

Why aren’t people buying smart speakers in China?

For more insights into China tech, sign up for our tech newsletters, subscribe to our Inside China Tech podcast, and download the comprehensive 2019 China Internet Report. Also roam China Tech City, an award-winning interactive digital map at our sister site Abacus.

Post