White-hat Chinese hackers turn Alexa into a spy, briefly

This won’t come as any surprise to those of you who put tape over your laptop’s cameras, but Alexa might not be 100 percent secure. This week at the Def Con Hacking Conference in Las Vegas, researchers from the Chinese conglomerate Tencent Holdings disclosed that they were able to use a modified Amazon Echo to hack into another Echo running on the same network. The researchers were not only able to take full control over the secondary device but also silently record and transmit audio to a third party, essentially turning the smart speaker into great big bugging devices, as reported by Wired.

If you’re feeling the slightest bit paranoid right now, cool your jets. These white-hat hackers have already informed Amazon of the exploit and the company rolled out security fixes last month.

Researchers Wu Huiyu and Qian Wenxiang also explained that their technique involved far more than a straight-up remote hack, fortunately. First, they had to drastically modify a standard Echo by removing a flash memory chip, modify its firmware to get root access, and solder the chip back to the circuit board. Sure, this involves little more than a little engineering knowledge and some things from RadioShack but it’s still not something your average spy is likely to have on hand.

However, once they placed their rogue device on the same network as other Echo devices, they could use Amazon’s proprietary communication protocols plus some undiscovered Alexa interface flaws (address redirection, cross-site scripting, and web encryption downgrades) to gain full access over the device. They could, for a more banal example, play any sound they wanted to. Or, they could silently record and transmit every single sound in the room, including conversations in adjacent rooms.

When we extend the logic, that means that an espionage outfit could simply replace a single Amazon smart speaker in a hotel’s network and take complete command over every smart speaker on the network. Sleep tight.

“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” the hackers said in a statement to Wired. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker.”

In addition to noting that the Alexa interface flaws have been patched, Amazon stressed that this particular hack requires a malicious actor to take physical access over at least one device.

This is just the latest in a series of attempts to crack the smart speaker’s security platform. Last year, British hacker Mark Barnes was able to install malware on an Echo via metal contacts accessible under the speaker’s rubber base. The security firm Checkmarx also revealed a potentially dangerous security flaw earlier this year when it hacked Alexa’s recording function via malware on a seemingly innocuous calculator app.

Smart Home

Alexa’s Custom Interfaces hope to augment gadgets, games, and smart toys

Alexa is growing smarter again with a new feature for developers called Custom Interfaces. The feature is aimed at augmenting interactivity between users of Alexa-powered devices like Amazon's Echo and developer's newest products.
Deals

Amazon drops Echo smart home device prices for Labor Day Sale

Amazon began dropping prices for Amazon Echo smart home devices for the upcoming Labor Day sales event. Alexa-compatible device price cuts by Amazon and Google Assistant device discounts at Walmart mean a big sale is on the way.
Smart Home

Amazon and Walmart match lower prices on Echo Dot and Google Home Mini

Amazon and Walmart resumed their price competition on the entry-level smart speakers for the Amazon Echo and Google Nest Home smart home ecosystems. The price cuts have started with 40% discounts on the Echo Dot and the Google Home Mini.
Smart Home

Foxconn interns reportedly work long hours to produce Amazon Alexa products

A recent report from the Chinese Labor Watch said that student interns are forced to work long hours without rest in order to meet Amazon Echo production goals at the Foxconn factory in China.
Smart Home

Google Assistant’s reminders will soon nag your significant other for you

Let Google take the heat for all that nagging: Google Assistant will soon allow you to assign reminders to others. The feature will roll out to Google Assistant-enabled phones, speakers, and displays over the next few weeks.
Smart Home

Startup Camect is on track to deliver a private, unified smart camera hub

It's not every day you run across a crowdfunded startup that has raised nearly three times its goal but startup Camect has done just that to fund the development of a secure smart camera hub expected to launch in 2020.
Smart Home

Your smart oven might be more ready for breakfast than you realize

Several owners of the June Smart Oven have reported the device turning on and preheating in the middle of the night without any input. June says this is due to user error, but customers are concerned.
Smart Home

What is a smart thermostat and how does it work?

Thinking of buying a smart thermostat, but don't know exactly what you're looking for? We explain how smart thermostats work, the features they offer, and how they can save you money.
Smart Home

The best pet tech products for 2019

Pet-centric tech has come a long way in the past decade. From self-cleaning litter boxes to DNA tests designed to trace your pup's ancestry through the ages, here is some of the best pet tech available.
Smart Home

Make heading off to college easier with Alexa

If you love Alexa at home, you're going to love her even more when you go off to college. She has skills that can help with dorm laundromats, tracking your team, keep track of campus events, and more.
Smart Home

Best smart plugs for inside your home

Smart plugs can make your dumb outlets smart. To help you choose the right one, we've rounded up the best smart plugs for your consideration. This selection covers smart plugs rated for indoor use.
Smart Home

Best smart padlocks of 2019

It's time you upgrade your padlock! The best smart padlocks can be controlled with an app and include many useful abilities, like tracking when the lock has been used or adding new fingerprint users. Check out our picks.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Racing drones and robotic ping pong trainers

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Smart Home

Expect to see a lot more from Ikea in the smart home sector

Ikea is doubling down on its smart home efforts with the formation of a new business unit dedicated to the sector. The Swedish company said the move marks its biggest commitment to a single product line in more than 20 years.