Attackers Can Trick Echo Speakers Into Hacking Themselves

In the rush to line their homes with smart devices, many users ignore the security risks posed by smart speakers, warn security experts.

A case in point is the recently patched vulnerability in some Amazon Echo devices, which researchers from the University of London and the University of Catania, Italy, were able to exploit and use to weaponize these smart speakers to hack themselves.

"Our attack, Alexa versus Alexa (AvA), is the first to exploit the vulnerability of self-issuing arbitrary commands on Echo devices," noted the researchers. "We have verified that, via AvA, attackers can control smart appliances within the household, buy unwanted items, tamper with linked calendars and eavesdrop on the user."

Friendly Fire

In their paper, the researchers demonstrate the process of compromising the smart speakers by getting them to play audio files. Once compromised, the devices could wake themselves up and start executing commands issued by the remote attacker. The researchers demonstrate how attackers could tamper with applications downloaded on the hacked device, make phone calls, place orders on Amazon, and more.

The researchers tested the attack mechanism successfully on both third- and fourth-generation Echo Dot devices.

Interestingly, this hack doesn't depend on rogue speakers, which further reduces the complexity of the attack. Moreover, the researchers note that the exploitation process is rather simple.

AvA starts when the Echo device begins streaming an audio file that contains voice commands that trick the speakers into accepting them as regular commands issued by a user. Even if the device asks for a secondary confirmation to perform a particular action, the researchers suggest a simple "yes" command approximately six seconds after the malicious request is enough to enforce compliance.

Useless Skill

The researchers demonstrate two attack strategies to get the smart speakers to play the malicious recording. 

In one, the attacker would need a smartphone or laptop within the speakers' Bluetooth-pairing range. While this attack vector does require proximity to the speakers initially, once paired, the attackers can connect to the speakers at will, which gives them the freedom to conduct the actual attack anytime after the initial pairing. 

In the second, completely remote attack, the attackers can use an internet radio station to get the Echo to play the malicious commands. The researchers note this method involves tricking the targeted user into downloading a malicious Alexa skill to the Echo.

Anyone can create and publish a new Alexa skill, which doesn't need special privileges to run on an Alexa-enabled device. However, Amazon says all submitted skills are vetted before going live on the Alexa skills store. 

Andres Urena / Unsplash

Todd Schell, Senior Product Manager at Ivanti, told Lifewire via email that the AvA attack strategy reminds him of how hackers would exploit WiFi vulnerabilities when these devices were first introduced, driving around neighborhoods with a WiFi radio to break into wireless access points (AP) using default passwords. After compromising an AP, the attackers would either hunt around for more details or just conduct outward-facing attacks.

"The biggest difference I see with this latest [AvA] attack strategy is that after the hackers get access, they can quickly conduct operations using the owner's personal info without a lot of work," said Schell.

Schell points out the long-term impact of AvA's novel attack strategy will depend upon how quickly updates can be distributed, how long it takes people to update their devices, and when the updated products start shipping from the factory.

To assess the impact of AvA on a larger scale, the researchers conducted a survey on a study group of 18 users, which showed that most of the limitations against AvA, highlighted by the researchers in their paper, are hardly used in practice.

Schell isn't surprised. "The everyday consumer is not thinking about all the security issues upfront and is usually focused exclusively on functionality."