White-hat Chinese hackers turn Alexa into a spy, briefly

This won’t come as any surprise to those of you who put tape over your laptop’s cameras, but Alexa might not be 100 percent secure. This week at the Def Con Hacking Conference in Las Vegas, researchers from the Chinese conglomerate Tencent Holdings disclosed that they were able to use a modified Amazon Echo to hack into another Echo running on the same network. The researchers were not only able to take full control over the secondary device but also silently record and transmit audio to a third party, essentially turning the smart speaker into great big bugging devices, as reported by Wired.

If you’re feeling the slightest bit paranoid right now, cool your jets. These white-hat hackers have already informed Amazon of the exploit and the company rolled out security fixes last month.

Researchers Wu Huiyu and Qian Wenxiang also explained that their technique involved far more than a straight-up remote hack, fortunately. First, they had to drastically modify a standard Echo by removing a flash memory chip, modify its firmware to get root access, and solder the chip back to the circuit board. Sure, this involves little more than a little engineering knowledge and some things from RadioShack but it’s still not something your average spy is likely to have on hand.

However, once they placed their rogue device on the same network as other Echo devices, they could use Amazon’s proprietary communication protocols plus some undiscovered Alexa interface flaws (address redirection, cross-site scripting, and web encryption downgrades) to gain full access over the device. They could, for a more banal example, play any sound they wanted to. Or, they could silently record and transmit every single sound in the room, including conversations in adjacent rooms.

When we extend the logic, that means that an espionage outfit could simply replace a single Amazon smart speaker in a hotel’s network and take complete command over every smart speaker on the network. Sleep tight.

“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” the hackers said in a statement to Wired. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker.”

In addition to noting that the Alexa interface flaws have been patched, Amazon stressed that this particular hack requires a malicious actor to take physical access over at least one device.

This is just the latest in a series of attempts to crack the smart speaker’s security platform. Last year, British hacker Mark Barnes was able to install malware on an Echo via metal contacts accessible under the speaker’s rubber base. The security firm Checkmarx also revealed a potentially dangerous security flaw earlier this year when it hacked Alexa’s recording function via malware on a seemingly innocuous calculator app.

Smart Home

This Amazon Echo and Pandora Premium smart speaker bundle saves you $138

QVC just took online merchants to school with a massive discount on the second-generation Amazon Echo with a 3-month voucher for Pandora Premium. The minimum you save is $128. Save off $10 extra with TAKE10 code for first QVC orders.
Smart Home

Amazon Echo Show and Google Home Hub get huge price cuts

If you act today you can get an amazing deal on the first-gen Amazon Echo Show on Woot or the current generation Google Home Hub on Rakuten. The Echo Show works with Alexa and the Google Home Hub with Google Assistant.
Smart Home

Echo Plus (1st-gen) vs. Echo Plus (2nd-gen): How exactly do they compare?

Which Echo Plus should you buy? This guide compares the first-generation Echo Plus its latest successor, allowing you to get a better idea regarding the ins and outs of each device.
Home Theater

Amazon’s free Spotify competitor is here. Just ask Alexa

Just ask Alexa to play your favorite song. Amazon has launched a free, ad-based music streaming service to compete with Spotify's free tier on its popular Echo devices, aiming to bolster subscriptions to Amazon Music Unlimited.
Smart Home

Amazon’s Alexa reviewers reportedly have access to customer home addresses

We already learned earlier this year that when you talk to Alexa, Amazon employees may also be listening. Some employees who review Alexa recordings may also have access to user addresses and locations.
Mobile

Google Assistant for Android and iOS wants to tell you a story

Just in time for National Tell a Story Day on April 27, Google has added the ability for Google Assistant for iOS and Android to read you a story. So now there's no excuse for not catching up with a good book.
Product Review

The Schlage Encode Wi-Fi smart lock shuts out the competition with looks, style

Easy to install and easy on the eye, Schlage Encode’s integrated Wi-Fi and third-party platform support make it a fine choice for the smart home. We took it for a test run to see how well it worked.
Smart Home

The best washing machines make laundry day a little less of a chore

It takes a special kind of person to love doing laundry, but the right machine can help make this chore a little easier. Check out our picks for the best washing machines on the market right now.
Product Review

Arlo’s doorbell is missing a camera, but ease and style make it a great addition

A lack of an integrated camera means that the Arlo Audio Doorbell isn’t as versatile as competitors, but a low price, simple installation and smart features make it an easy add-on for Arlo smart home fans.
Mobile

Bothering the bots: Funny questions and commands to pose to Google Assistant

Communicating with Google Assistant can be a chore. Luckily, there are plenty of fun questions and commands to add a little entertainment to your oft-rigid conversation. Here are some of our favorites.
Smart Home

Keep your stuff safe and porch pirates away with the best home security cams

When it comes to the best home security cameras, the choice often comes down to the one that simply knows how to stay out of your way. Here are some of our favorites, both indoor and outdoor.
Smart Home

The Instant Pot LUX60 pressure cooker gets a huge price cut at Walmart

Walmart cut the Instant Pot LUX60 6-quart, 6-in-1 multi-use programmable pressure cooker price so low, people who already have an Instant Pot may buy it as a spare. Digital Trends' reviewer said, "The Instant Pot Lux won't disappoint."
Smart Home

The Ninja Foodi multicooker gets a steep $80 price cut on Amazon

Amazon took a healthy chunk off the price of the Ninja OP302 Foodi Cooker, Steamer, and Air. This heavy-duty, multi-function appliance morphs from pressure cooker to air fryer, crisper, steamer, slow cooker, and even a dehydrator.
Deals

Best Buy slashes prices on Sonos and Sonance outdoor speaker bundles

Best Buy slashed the price of the Sonos and Sonance Outdoor Speaker Streaming Audio Bundle with an xPress Audio Keypad. This outdoor bundle includes a Sonos amplifier, two Sonance speakers, and a remote. You can save $550 during this sale.