Hackers turn Amazon Echo into a spy device

With companies pushing to launch their virtual assistants (VAs), security should always be a concern, since these devices are mass-produced on a large scale. A small security loophole could put thousands or even millions at risk, whether it be Google Home or Amazon’s line of Alexa-equipped devices. Since they’re all connected to the internet at all times, hackers who exploit them could potentially siphon off the data they collect.

A hack was demonstrated at Def Con 26, where hackers used multiple vulnerabilities to demo how the Echo could be used as an eavesdropping device:

“In this talk, we will present how to use multiple vulnerabilities to … remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we’re also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice.”

In plain English, this roughly translates to tweaking Alexa’s onboard firmware content in order to use it to spy on its surroundings. It can listen silently, be controlled to speak, and have the speech module overwritten from a remote location. This means a hacker could potentially hack into an Echo device and force it to speak or listen to its environment and relay the sounds back to the hacker’s computer.

As companies jump onboard the VA bandwagon, security is an issue that needs to be addressed. Simply having a device in the household doesn’t mean it’s safe from hacking and vulnerabilities. Companies that are new to the scene, like Facebook, which plans to launch its own version of a smart speaker very soon, will only create more demand for these types of products, which means a larger audience to safeguard from hacks and a more appealing target for hackers looking to bypass the security.

Although Amazon’s Alexa already listens to what its users say, it purges that audio on a timed interval (trailing five seconds after its name), unlike this hack, which actually relays the information without a purge.

Amazon has patched the security issue that was demonstrated and resolved it quickly.

Nintendo building more “hack-proof” Switch Consoles

A few months back, there was word of a new “unpatchable” exploit on the Nintendo Switch which allowed hackers to run custom firmware, homebrew consoles, and of course, pirated games and software on the Switch’s existing hardware.

Nintendo has reportedly patched the exploit by selling newer Switch models that have been fixed at the factory level in order to prevent the exploit.

The report comes from SciresM, a well-known hacker in the Switch world, who wrote that some Switch units on retail shelves are not vulnerable to the exploit known as “Fusée Gelée.” SciresM also suspects that Nintendo has used the iPatch system on the GPU to burn the protective code into the boot ROM, which cuts off the USB recovery mode overflow error that was the previous entry point.

The iPatches are simple for Nintendo to patch in while the console is being produced in the factory, but it’s impossible to load onto the millions of Switch units that are already in circulation.

The newer “patched” units are running firmware version 4.1.0, which has been outdated since the 5.0.0 release in March. This means that they’re not really new in terms of firmware; rather, it suggests that the “patched” units were already built earlier this year and Nintendo was on the case.

Nintendo is reported to have used data from various hacking groups like Team fail0verflow and Team ReSwitched to get a head start on protecting its hardware before the hack was released to the public. These groups told the big N about the vulnerabilities before they released their hacks, which gave Nintendo some time to patch it in the next update. That explains the older firmware version.

Regardless, the older firmware is still vulnerable to a software-level exploit called deja vu, which was patched in systems with 5.0.0 or later. This puts Nintendo in a cycle between the two exploits.

So to keep things simple: the 4.1.0 units are “patched” against “Fusée Gelée,” but are vulnerable to deja vu, whereas the new 5.0.0 units are safe from deja vu, but vulnerable to “Fusée Gelée.” Quite a pickle.

For now, Nintendo continues to ban hacked systems from its network.