So, you have an Alexa/Echo in your home. Well...you also have a microphone in your home as well. You ever wonder if these devices can be used by hackers to ease drop on you. Well in the video below you'll see just that.
This is how it was done
- User Downloads an app from the Amazon Store called a "Skill" it could have also snuck into the "Google Play Store as well (in this instance it was a calculator app)
- The programmer when developing the "Skill Calculator App", Injects code within the app that is used for keeping the Alexa on after saying the awake word.
- The user asks Alexa, says a wake word—usually "Alexa", to do a calculation
- After the response from Alexa the microphone is turned of...BUT with this App the microphone is left on
- The hackers then programmed the "Skill" to send back a transcription of the conversations
Amazon is incorporating the this functionality into other devices that may or may not have a blue light indicating it is still listening.
Check out the two short videos below. The 1st one shows exactly how it was done. ALSO AMAZON HAS SINCE CORRECTED THIS VULNERABILITY
Video on how it's done
