Alexa hacks itself: vulnerability in Amazon’s Echo speakers!
Amazon’s virtual assistant Alexa is the heart of every Echo speaker and obeys every word thanks to smart voice recognition. Unfortunately, it usually doesn’t matter who gives the order. When in doubt, the supposedly clever little helper even listens to itself. British and Italian researchers have now found this out as part of a study. According to this, the experts managed to get Alexa to manipulate itself independently. The process is shockingly simple.
According to the study, it is sufficient to pair a smartphone with an Echo speaker via Bluetooth. To do this, it is necessary to be in the immediate vicinity of the device once in order to set up the connection via voice command. Once that is done, the attacker can move away again and only has to remain within the radio range of the Bluetooth connection. Using a text-to-speech app, he is then able to issue voice commands through the Echo device’s speaker. If they start with the activation word “Alexa” or “Echo”, the assistant listens to herself when speaking – and does what she says.
The best smart speakers with Alexa
Amazon
Details about the test
Per
Good operation by voice and touch
Camera slider
against
Bass partly too strong
votes occupied
Amazon
Details about the test
Per
Ready to go quickly
Display always in view
against
Relatively bulky and expensive
No connections
Devil
Details about the test
Per
good sound
Very loud (105 dB)
against
Only Spotify on demand
No Apple Music, no AirPlay 2
Devil
Details about the test
Per
good sound
Very loud (105 dB)
against
Only Spotify on demand
No Apple Music, no AirPlay 2
Amazon
Details about the test
Per
New chic design
Good voice control
against
Few connections
Chunky power supply
Amazon
Details about the test
Per
Reliable voice control
Good sound, high volume
against
A bit bassy
Automatic calibration sluggish
Amazon
Details about the test
Per
Good voice control
Good touch screen
against
treble pointed
Voices hiss at s-sounds
Amazon
Details about the test
Per
Easy to set up, good operation
Good display with touch function
against
Sounded a bit cold and bass-heavy
Few connections
sonos
Details about the test
Per
good sound
automatic calibration
against
Upper bass partly too loud
Very few connections
Complete list: The best smart speakers with Alexa
Alexa, open the door for burglars
For example, if Alexa gives the command to open a smart door lock, burglars can gain access to a house without swinging the crowbar. The researchers were also able to execute commands that are secured by a confirmation prompt by appending a simple “yes” about six seconds after the first command. In this way, it was possible to switch smart networked lights on and off in 93 percent of all cases. Ordering goods via Amazon worked even better with a hit rate of 100 percent.
It managed to persuade Alexa to dial a specific phone number with a reliability of 73 percent. This allowed the attackers to call themselves and sound out their potential victims’ homes. The possibilities for abuse are almost endless, since almost every smart home component can be controlled via Alexa. In another test setup, the initiators of the study managed to get an echo loudspeaker to execute defective commands via a manipulated radio transmitter. However, Amazon has now fixed this vulnerability.
Vulnerability persists
According to the researchers, the attack via a device paired via Bluetooth will continue to work with any third- and fourth-generation Echo device. To protect yourself, always mute your speaker’s microphones when not in use. More information about the vulnerability can be found on the official website for the so-called Alexa versus Alexa hack.