TAPPED UP

Anyone can eavesdrop on your conversations through an Amazon Echo, hackers claim

Cyber experts claim the device has 'design flaws' which mean it can be hacked into without leaving a trace

AMAZON Echos can be tapped into and used to eavesdrop without leaving any evidence of tampering, hackers claim.

Computer geeks claim malware - malicious software - can be easily installed on the voice-controlled digital assistant without trace.

Hackers claim some versions of the Amazon Echo are vulnerable to cyber attacks (Credit: Reuters)

Pictures published by MWR show how hackers managed to infiltrate the device (Credit: MWR InfoSecurity)

They say this malware can then be used to control the device remotely, live-streaming conversations without affecting how it works.

Cyber security experts say the vulnerability exists because the device has "exposed debug pads" underneath its rubber base, which show hackers how it loads.

It also has a setting which allows it to boot from an external SD card.

Security consultant Mark Barnes explained the two hardware features make the Echo easy to turn into a "wiretap".

Mr Barnes said the research raised "a number of important questions for manufacturers of Internet enabled or ‘Smart Home’ devices".

He said: "The biggest limitation of this vulnerability is the need for physical access to the device itself, but it shouldn’t be taken for granted that consumers won’t expose the devices to uncontrolled environments that place their security and privacy at risk.

"What this research highlights is the need for manufacturers to think about both the physical and digital security risks that the devices may be subjected to and mitigate them at the design and development stage.

"Whilst Amazon has done a considerable amount to minimise the potential attack surface, these two hardware design choices – the unprotected debug pads and the hardware configuration setting that allows the device to boot via an external SD card – could expose consumers to an unnecessary risk."

It comes as experts warn hackers could use Amazon's Alexa personal assistant to empty your bank account.

Mr Barnes said the design flaw didn't affect the latest version of the Echo or the smaller Amazon Dot model.

But as it is a physical vulnerability, it cannot be solved through a software or firmware update.

He said a hacker would need "considerable experience" to create the necessary code to carry out an attack.

But if they did succeed, they could build a small handheld device pre-loaded with malware which could exploit units within just a few minutes.

Mr Barnes told : "Once the attacker has control of the system, they can potentially gain permanent access to it unless the victim somehow detects the intrusion."

An Amazon spokesman said: "Customer trust is very important to us. To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date."

The device also has an on-off switch which completely disconnects its microphones.

It also streams audio to the cloud only after hearing its "wake word", while the blue ring light is on.

