Since the launch of smart speakers such as Amazon Echo, some people began to worry that these devices may overhear their speech. In recent days, Tencent security researchers have discovered a way to crack Echo and use it for monitoring, which makes this part of the people’s concerns seem unreasonable.
According to the researchers, they can modify the device by removing the flash chip from the Echo and rewriting the firmware on it. In this way, they can use the series of network vulnerabilities in the Amazon website and Alexa interface to attack other Echo devices.
However, this attack method has certain limitations. For example, researchers can only launch attacks when their devices are on the same wireless network as the target Echo.
After discovering this vulnerability, Tencent researchers have quickly responded to Amazon. The company has already solved the problem in a security patch pushed in July.