Security firm MWR InfoSecurity claims it was able to exploit a vulnerability which turns the Alexa-fueled device into a “wiretap” without altering its standard functionalities.
But before you get all alarmed, let us tell you the vulnerability was found to affect only 2015 and 2016 versions of the Amazon Echo. On top of that, in order to successfully hack the speaker, a hacker would need to have physical access to it. So you might want to lock your Amazon Echo away when your computer wiz cousin comes over for a visit.
Seriously speaking, the attack can be carried out by removing the Echo’s rubber base to reveal 18 debug pads which can be used to easily debug the device. From there, hackers would be able to boot directly into the firmware by attaching an SD card or install malware without leaving any actual physical traces.
MRW InfoSecurity researchers were also able to develop scripts which leverage the functions within the Echo to stream audio to a remote server. This allowed them to remotely monitor and listen in on users and steal private information without Echo owners realizing what was happening.
Even if the likelihood of your Amazon Echo being attacked in this matter is pretty low, MRW InfoSecurity recommends users turn off the Echo’s microphone when they are not using the device to avoid someone potentially listening in.
Additionally, customers should avoid purchasing an Echo from third-party retailers and go straight to Amazon if they want to have one in their home.