Researchers found a semi-legit way to turn an Amazon Echo into a wiretap
An Amazon Echo application created by security researchers proves how the popular smart home device can be co-opted to remotely listen to people’s nearby conversations, according to cybersecurity firm CheckMarx. The research describes how an inherent design flaw in the Amazon Echo could be exploited to covertly and remotely launch the Alexa voice assistant on compromised devices. Alexa was engineered to be able to record and react to voice commands within a predetermined distance from the device. During their controlled experiment, CheckMarx researchers disguised a malicious Echo skill by marketing it as a voice-enabled calculator application that leverages Alexa to execute certain commands. “It can be done totally remotely,” said Erez Yalon, manager of application security research at Checkmarx. “While a hacker creates a malicious skill and publish it to the Amazon store, every user that will use this Amazon skill is exposed.” CheckMarx says the trick didn’t “break or hack […]
The post Researchers found a semi-legit way to turn an Amazon Echo into a wiretap appeared first on Cyberscoop.
Continue reading Researchers found a semi-legit way to turn an Amazon Echo into a wiretap