White-hat Chinese hackers turn Alexa into a spy, briefly

This won’t come as any surprise to those of you who put tape over your laptop’s cameras, but Alexa might not be 100 percent secure. This week at the Def Con Hacking Conference in Las Vegas, researchers from the Chinese conglomerate Tencent Holdings disclosed that they were able to use a modified Amazon Echo to hack into another Echo running on the same network. The researchers were not only able to take full control over the secondary device but also silently record and transmit audio to a third party, essentially turning the smart speaker into great big bugging devices, as reported by Wired.

If you’re feeling the slightest bit paranoid right now, cool your jets. These white-hat hackers have already informed Amazon of the exploit and the company rolled out security fixes last month.

Researchers Wu Huiyu and Qian Wenxiang also explained that their technique involved far more than a straight-up remote hack, fortunately. First, they had to drastically modify a standard Echo by removing a flash memory chip, modify its firmware to get root access, and solder the chip back to the circuit board. Sure, this involves little more than a little engineering knowledge and some things from RadioShack but it’s still not something your average spy is likely to have on hand.

However, once they placed their rogue device on the same network as other Echo devices, they could use Amazon’s proprietary communication protocols plus some undiscovered Alexa interface flaws (address redirection, cross-site scripting, and web encryption downgrades) to gain full access over the device. They could, for a more banal example, play any sound they wanted to. Or, they could silently record and transmit every single sound in the room, including conversations in adjacent rooms.

When we extend the logic, that means that an espionage outfit could simply replace a single Amazon smart speaker in a hotel’s network and take complete command over every smart speaker on the network. Sleep tight.

“After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,” the hackers said in a statement to Wired. “When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through the network to the attacker.”

In addition to noting that the Alexa interface flaws have been patched, Amazon stressed that this particular hack requires a malicious actor to take physical access over at least one device.

This is just the latest in a series of attempts to crack the smart speaker’s security platform. Last year, British hacker Mark Barnes was able to install malware on an Echo via metal contacts accessible under the speaker’s rubber base. The security firm Checkmarx also revealed a potentially dangerous security flaw earlier this year when it hacked Alexa’s recording function via malware on a seemingly innocuous calculator app.

Emerging Tech

The Russian hackers behind Triton tried to attack the U.S. power grid

A hacking group linked to the Russian government has been attempting to breach the U.S. power grid. The hackers have been tracked by security experts who warn that the group has been probing the grid for weaknesses.
Smart Home

Best deals on Amazon Echo and Google Home Nest devices for Father’s Day

You can save money on a wide range of devices for Amazon Echo and Google Home Nest smart homes for Father's Day. Here are the best discounts on smart speakers, smart displays, video doorbells, and smart outdoor security cameras.
News

Having a chat with Alexa will soon feel a lot more natural

The Amazon Echo is already a part of many households, but a series of new improvements will soon make conversations with the smart assistant far more natural and fluid than ever before.
Deals

Amazon Father’s Day sale: Blink and Ring security camera systems get price cuts

Father's Day is just around the corner and Amazon is slashing prices on Echo, Ring, and Blink devices for the occasion. Blink and Ring security kits are getting some of the best discounts from Amazon right now
Smart Home

Walmart drops $70 off the Instant Pot Ultra 6-quart 10-in-1 multicooker

Walmart took a huge price cut on one of the most versatile and advanced Instant Pot multi-use programmable pressure cookers. The 6-quart Instant Pot Ultra 10-in-1 Cooker is the right choice for home chefs who want total control.
Mobile

Amazon Prime Day 2019 will likely be on July 15, according to leaked email

It looks like we now have an idea of when Amazon Prime Day 2019 will be, thanks to a leaked email that was sent out to promote a vacuum cleaner deal for Prime Day. According to the email, the massive shopping event will take place on July…
Smart Home

Amazon has a jaw-dropping deal on a renewed Roomba 860 robot vacuum

Amazon just made a 40% price cut on an already heavily discounted, certified refurbished iRobot Roomba 860 premium-level robot vacuum with a 90-day refund or replacement warranty. This deal can help you save up to $329.
Smart Home

The best high-tech pillows for sleep monitoring, snoring, and more

Smart pillows can help you track your sleep and solve problems related to snoring, insomnia, restlessness, temperature, and more. Here, we've rounded up the best smart pillows with sleep tracking, so you can find the right model for you.
Deals

Suck up the savings with these vacuum cleaners on sale for $100 or less

Keeping your floors clean around the home is a constant chore. To help make things a whole lot easier, we've picked out some great vacuum cleaner deals available right now, from full-sized upright models to robot vacs.
Smart Home

The cordless vacuum gets a reinvention thanks to these Dyson disciples

Dyson has been a shining light in the home appliance industry for decades but a pair of its former employees are working to change the cleaning industry with a new cordless vacuum called Lupe.
Emerging Tech

Uber Eats’ drone delivery service could see Big Macs hit speeds of 70 mph

Uber Eats is testing meal delivery using drones. The company wants to start a commercial delivery service using the drone this summer, but it still needs permission from regulators.
Smart Home

Amazon drops a deal on this smartphone-controlled MyQ Smart Garage Door Opener

Amazon slashed the price of Chamberlain's MyQ Smart Garage Hub in time for Father's Day. This deal is so good, however, the smartphone-controlled and Google Assistant and IFTTT compatible MyQ opener would be a great gift for anyone.
Deals

Amazon slashes the price on this TP-Link Whole Home Mesh Wi-Fi System

We've found a great deal on the latest-generation TP-Link Deco Whole Home Mesh Wi-Fi System on Amazon right now that lets you do just that. Everyone can save up to $20 thanks to a coupon, but Amazon Prime Card holders can save even more.
Deals

Amazon hacks price of the KitchenAid Classic Plus Stand Mixer by 44%

There are a lot of mixers on the market today, but when it comes to great quality, there’s one brand that stands out – KitchenAid. Amazon is offering the KitchenAid Classic Plus 4.5-Quart Tilt-Head Stand Mixer at a hefty 44% discount.