If you come home and find your Amazon Echo turned upside down with its baseplate removed and a 1950s-phone-exchange worth of wiring sticking out and plugged into a motherboard that wasn't there when you left this morning, then it is my suggestion that the device may have been hacked. It might be best to arrange your crack cocaine drop through some other medium.
When looking at all these scare-mongering demos, think about the practicalities.
You didn't read the article did you?
"Even so, the method leaves behind no obvious sign of an attack, once the extra hardware is removed and the base replaced, with normal functionality of the smart speaker said to be completely unaffected by the code changes."
If a talented computer expert with the proper hardware has a motivation to break into your home in order to disassemble and hack your Echo, then carefully removing all traces of doing so, I think you may have a far larger problem on your hands.
The most obvious user of this hack is a government agencies in the US and abroad that intercepts those things before delivery. The US Gov has done this already for PC's and ROUTERS, so yeah this can 100% happen.
If you come home and find your Amazon Echo turned upside down with its baseplate removed and a 1950s-phone-exchange worth of wiring sticking out and plugged into a motherboard that wasn't there when you left this morning, then it is my suggestion that the device may have been hacked. It might be best to arrange your crack cocaine drop through some other medium.
When looking at all these scare-mongering demos, think about the practicalities.
You didn't read the article did you?
"Even so, the method leaves behind no obvious sign of an attack, once the extra hardware is removed and the base replaced, with normal functionality of the smart speaker said to be completely unaffected by the code changes."
If a talented computer expert with the proper hardware has a motivation to break into your home in order to disassemble and hack your Echo, then carefully removing all traces of doing so, I think you may have a far larger problem on your hands.
Who walks around the house shouting out their passwords or how much money they have in the bank? What type of information is being compromised? Begging your wife or girlfriend for sex isn't worth intercepting. I doubt most terrorists are going to be telling out loud where they're going to be placing their next bombs. I can only use my own personal life as an example. I don't think I say anything worth hearing for a hacker. Maybe if I say I'm leaving the house at a certain time and coming back at a certain time could be useful for a hacker but that's about it. Calling a certain high-ranking government official an SOB is probably common knowledge.
The most obvious user of this hack is a government agencies in the US and abroad that intercepts those things before delivery. The US Gov has done this already for PC's and ROUTERS, so yeah this can 100% happen.
If you come home and find your Amazon Echo turned upside down with its baseplate removed and a 1950s-phone-exchange worth of wiring sticking out and plugged into a motherboard that wasn't there when you left this morning, then it is my suggestion that the device may have been hacked. It might be best to arrange your crack cocaine drop through some other medium.
When looking at all these scare-mongering demos, think about the practicalities.
You didn't read the article did you?
"Even so, the method leaves behind no obvious sign of an attack, once the extra hardware is removed and the base replaced, with normal functionality of the smart speaker said to be completely unaffected by the code changes."
If a talented computer expert with the proper hardware has a motivation to break into your home in order to disassemble and hack your Echo, then carefully removing all traces of doing so, I think you may have a far larger problem on your hands.
us government can easily do the hardware hacks before its shipped to the customer.
They done these hardware hacks on routers before.
1) Unless they knew about and utilized this exploit long before this week then it might be, but it doesn't seem "easy" since a) it's something they're going to do to every Echo that is being shipped from Amazon, b) need to follow procedure, and c) ) not something that would affect any Echos shipping today.
2) If you want to make claims that the gov't can intercept all deliveries and then add listening devices (cameras, key loggers, trackers) whatever to an Echo you need to also accept they can do this with any other CE. Last we saw that there was a macOS exploit for Snow Leopard and Lion while those OSes were still the most commonly used, but you could have trackers in the souls of new shows, a TV with gov't added spyware, and a microphone that Kelly Anne Conway uses to watch you make tea in the morning nude, but I'd say you're going a little to far with the paranoia.
I always knew that the security is a major problem for Amazon Echo or Google Pod or any cloud based processing with "always listen" devices, but not until this news it really sinks in how dangerous it could be without anonymous ID token or end-to-end encryption like Apple. It's not so much about thief taking advantage of it, it's more about losing your privacy in your own home, even if you live by yourself.
That there is vulnerability found in the Amazon Echo does not surprise me. It takes years of experience form the vendor to manufacture a vulnerability free device. The Amazon Echo is simply not long enough on the market.
But you are mixing up privacy and vulnerabilities. Privacy ensures that no one can listen to the internet traffic from and to the device. Vulnerabilities lead to access of the device by others.
While Apple is putting a lot of emphasis on privacy with its end 2 end encryption, there has been in the past several vulnerabilities in Apple devices.
If you come home and find your Amazon Echo turned upside down with its baseplate removed and a 1950s-phone-exchange worth of wiring sticking out and plugged into a motherboard that wasn't there when you left this morning, then it is my suggestion that the device may have been hacked. It might be best to arrange your crack cocaine drop through some other medium.
When looking at all these scare-mongering demos, think about the practicalities.
You didn't read the article did you?
"Even so, the method leaves behind no obvious sign of an attack, once the extra hardware is removed and the base replaced, with normal functionality of the smart speaker said to be completely unaffected by the code changes."
If a talented computer expert with the proper hardware has a motivation to break into your home in order to disassemble and hack your Echo, then carefully removing all traces of doing so, I think you may have a far larger problem on your hands.
If somebody breaks into my house, he/she will steal everything of high value that is not too heavy. This might include IT equipment, But breaking in a house to hack a device and to leave it there, come on be serious. You much have been smoking again too much forbidden substances.
uummm....what about refurb units or eBay sales? Pretty sure those just dropped to $0.
That's no more likely than all the Apple devices dropping to $0 because of some potential hack on older HW is discovered but requires direct access to the device.
The most obvious user of this hack is a government agencies in the US and abroad that intercepts those things before delivery. The US Gov has done this already for PC's and ROUTERS, so yeah this can 100% happen.
The most obvious user of a hack like this once commoditized is a suspicious or paranoid spouse/significant other.
Once cameras are added it's any perv with unsupervised access to your device for a couple minutes...your daughters loser boyfriend, your loser boyfriend, the terrible blind date you never want to see again, the cable installer, the plumber, the seemingly nice neighbor, the building supervisor, etc.
Yeah, they could just leave their own camera/mic but they have to find a hiding spot with power and network access. Kinda easier to hijack the device sitting in plain view on the dresser that you leave plugged in and connected to your own wifi if they can.
Comments
The US Gov has done this already for PC's and ROUTERS, so yeah this can 100% happen.
LOL. And well said!!!
2) If you want to make claims that the gov't can intercept all deliveries and then add listening devices (cameras, key loggers, trackers) whatever to an Echo you need to also accept they can do this with any other CE. Last we saw that there was a macOS exploit for Snow Leopard and Lion while those OSes were still the most commonly used, but you could have trackers in the souls of new shows, a TV with gov't added spyware, and a microphone that Kelly Anne Conway uses to watch you make tea in the morning nude, but I'd say you're going a little to far with the paranoia.
But you are mixing up privacy and vulnerabilities. Privacy ensures that no one can listen to the internet traffic from and to the device. Vulnerabilities lead to access of the device by others.
While Apple is putting a lot of emphasis on privacy with its end 2 end encryption, there has been in the past several vulnerabilities in Apple devices.
Once cameras are added it's any perv with unsupervised access to your device for a couple minutes...your daughters loser boyfriend, your loser boyfriend, the terrible blind date you never want to see again, the cable installer, the plumber, the seemingly nice neighbor, the building supervisor, etc.
Yeah, they could just leave their own camera/mic but they have to find a hiding spot with power and network access. Kinda easier to hijack the device sitting in plain view on the dresser that you leave plugged in and connected to your own wifi if they can.