Skip to main content
  1. Home
  2. Smart Home
  3. Computing
  4. News

White-hat Chinese hackers turn Alexa into a spy, briefly

Add as a preferred source on Google

This won’t come as any surprise to those of you who put tape over your laptop’s cameras, but Alexa might not be 100 percent secure. This week at the Def Con Hacking Conference in Las Vegas, researchers from the Chinese conglomerate Tencent Holdings disclosed that they were able to use a modified Amazon Echo to hack into another Echo running on the same network. The researchers were not only able to take full control over the secondary device but also silently record and transmit audio to a third party, essentially turning the smart speaker into great big bugging devices, as reported by Wired.

If you’re feeling the slightest bit paranoid right now, cool your jets. These white-hat hackers have already informed Amazon of the exploit and the company rolled out security fixes last month.

Recommended Videos

Researchers Wu Huiyu and Qian Wenxiang also explained that their technique involved far more than a straight-up remote hack, fortunately. First, they had to drastically modify a standard Echo by removing a flash memory chip, modify its firmware to get root access, and solder the chip back to the circuit board. Sure, this involves little more than a little engineering knowledge and some things from RadioShack but it’s still not something your average spy is likely to have on hand.

However, once they placed their rogue device on the same network as other Echo devices, they could use Amazon’s proprietary communication protocols plus some undiscovered Alexa interface flaws (address redirection, cross-site scripting, and web encryption downgrades) to gain full access over the device. They could, for a more banal example, play any sound they wanted to. Or, they could silently record and transmit every single sound in the room, including conversations in adjacent rooms.

When we extend the logic, that means that an espionage outfit could simply replace a single Amazon smart speaker in a hotel’s network and take complete command over every smart speaker on the network. Sleep tight.

“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” the hackers said in a statement to Wired. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker.”

In addition to noting that the Alexa interface flaws have been patched, Amazon stressed that this particular hack requires a malicious actor to take physical access over at least one device.

This is just the latest in a series of attempts to crack the smart speaker’s security platform. Last year, British hacker Mark Barnes was able to install malware on an Echo via metal contacts accessible under the speaker’s rubber base. The security firm Checkmarx also revealed a potentially dangerous security flaw earlier this year when it hacked Alexa’s recording function via malware on a seemingly innocuous calculator app.

Clayton Moore
Contributor
Clayton Moore’s interest in technology is deeply rooted in the work of writers like Warren Ellis, Cory Doctorow and Neal…
Google Home Speaker (2026) review: Smarter and punchier, with a subscription pinch
Google's latest smart speaker pairs Gemini with better sound and deeper smart home integration. What's not to love without spending over a $100?
Sphere, Body Part, Finger

View at Amazon

Quick Recap

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more
LG SIGNATURE DLEX9900S dryer review: A massive, gorgeous dryer with one AI-sized asterisk
The LG SIGNATURE DLEX8900B is a beautiful dryer with a AI brain and plenty of capacity. Just be ready to pay a premium and take over from time-to-time.
LG SIGNATURE DLEX9900S dryer

View at LG

Quick Review

Read more