The Amazon Echo is an always-listening device designed to play music, answer questions via the Alexa voice service, and control connected home devices such as WeMo, Hive and Nest. Now researchers have demonstrated that while it listens to you, attackers could be listening to you as well.
Mike Barnes, a researcher at MWR Infosecurity, has published details of an attack that can compromise the device while leaving no evidence of tampering. The attack requires physical access, and continues work (PDF) published last year by researchers from The Citadel, The Military College of South Carolina.
The earlier research was looking for potential Echo attack approaches. The paper concludes, “We believe that any of these approaches would allow further access into the file system of the Echo that would allow security researchers the ability to reverse engineer binaries for vulnerabilities, scan the device for hardcoded credentials, and much more.”
This is the basis of the approach taken by MWR. In summary, the attack uses the devices’ exposed debug pad to watch the boot process and understand the device’s configuration. The Echo first attempts to boot from an SD Card attached to the debug pads. “By correctly formatting a SD Card with X-loader and U-Boot in the correct partition,” writes Barnes, “we can boot from this card and into a U-Boot commandline interface.”
This allowed him to understand the inner workings of the device. He introduced a reverse shell that spawned on boot. He then removed all external evidence of the attack and the Echo rebooted into its normal operation. However, he was now able to connect remotely with root.
Remotely, he was able to create a script “that would continuously write the raw microphone data into a named fifo pipe which we then stream over TCP/IP to a remote service. On the remote device we receive the raw microphone audio, sample the data and either save it as a wav file or play it out of the speakers of the remote device.”
In effect, everything that the Echo hears can now also be heard by attackers without any alteration to the functionality of the Echo or evidence of tampering.
The weakness (or difficulty) in the attack is that it requires physical access to the device; but, warns Barnes, “it shouldn’t be taken for granted that consumers won’t expose the devices to uncontrolled environments that places their security and privacy at risk.”
He offers several mitigations. The first is to use the physical mute button on the Echo. This will stop it ‘listening’, but reduces the always-on functionality of the device. The second is to monitor network traffic looking for anomalous traffic. This would be realistic if the Echo is used in a workplace, but not so likely in a home environment.
The third option is to always buy direct from Amazon. When MWR disclosed the flaw, Amazon released a statement: “Customer trust is very important to us. To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date.”
Amazon has fixed the weakness in the latest version. “This vulnerability has been confirmed on the 2015 and 2016 edition of the Amazon Echo,” writes Barnes, “however the 2017 edition is not vulnerable to this physical attack.” Buying a new device from source will be immune. However, buying an Amazon Echo second-hand could expose users to the potential purchase of a tampered device. If you find one in your hotel room, check that it is a 2017 model. If it is not, switch it to mute when not actively in use.
“What this research highlights,” says Barnes, “is the need for manufacturers to think about both the physical and digital security risks that the devices may be subjected too and mitigate them at the design and development stage. Whilst Amazon has done a considerable amount to minimize the potential attack surface, these two hardware design choices — the unprotected debug pads and the hardware configuration setting that allows the device to boot via an external SD card — could expose consumers to an unnecessary risk.”
Related: When the IoT Comes to the Office

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- Venafi Leverages Generative AI to Manage Machine Identities
- Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd
- OT/IoT and OpenTitan, an Open Source Silicon Root of Trust
- CISOs and Board Reporting – an Ongoing Problem
- Vector Embeddings – Antidote to Psychotic LLMs and a Cure for Alert Fatigue?
- The Team8 Foundry Method for Selecting Investable Startups
- Hacker Conversations: Alex Ionescu
- The Reality of Cyberinsurance in 2023
Latest News
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
