Technology: A browser bug was enough to hack an Amazon Echo - - PressFrom - US
  •   
  •   
  •   

Technology A browser bug was enough to hack an Amazon Echo

20:00  09 november  2019
20:00  09 november  2019 Source:   techcrunch.com

Amazon’s new Echo Flex lets you put Alexa everywhere in your home

  Amazon’s new Echo Flex lets you put Alexa everywhere in your home Alexa now has its own smartplug with modular accessoriesAmazon is announcing two Echo Flex accessories that you’ll be able to slot into the bottom, a motion sensor and a nightlight. Both will be priced at $14.99, and since the Flex is clearly modular we’ll likely see a lot more accessories in the future. Amazon is even building an API for software developers, and will share the specs for accessories in the future so others can build for the Flex.

It looks like an Echo , it sounds like an Echo but is it really an Echo ? It would be possible for someone to design their own version of a voice assistant with entirely different and evil ends and then just whack it inside an Amazon Echo shell and sell it onto an unsuspecting punter. It would be easy enough to

Echo owners shouldn't panic: The hackers already alerted Amazon to their findings, and the company pushed out security fixes in July. That daemon contained a vulnerability that the hackers found they could exploit via their hacked Echo to gain full control over the target speaker, including the ability to

Two security researchers have been crowned the top hackers in this year's Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo.

a man standing in front of a computer screen© Provided by Oath Inc.

Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo Show 5, an Alexa-powered smart display.

The researchers found that the device uses an older version of Chromium, Google's open-source browser projects, which had been forked some time during its development. The bug allowed them to take "full control" of the device if connected to a malicious Wi-Fi hotspot, said Brian Gorenc, director of Trend Micro's Zero Day Initiative, which put on the Pwn2Own contest.

Amazon’s new Echo has better sound at the same price

  Amazon’s new Echo has better sound at the same price Amazon's new $99 mainline Echo is basically an Echo Plus in new clothes. Under the hood is the same core audio features -- neodymium drivers and a 3-inch woofer. It should have better frequency response, especially on the low end, but Amazon also claims the mids and highs are clearer. On the outside it's got a clean fabric cover that, not going to lie, looks a bit like a Homepod when slapped on the new design. But people will probably appreciate that the there's a new color option. In addition to charcoal, sandstone and heather gray, there's now twilight blue. We don't have all the details just yet about the new Echo.

The hack involved a modified Amazon Echo , which had parts swapped out, including some that had This allowed the hackers to turn their own, modified Echo into a listening bug , relaying audio from the other An Amazon spokesperson told Wired that “customers do not need to take any action as their

The daunting prospect of owning a household device that can listen-in to your every conversation has always loomed over Amazon ’s Echo and You may have read about Barnes’ article describing the hack a few weeks ago, but I was fortunate enough to try it out in person and see his work first hand.

The researchers tested their exploits in a radio-frequency shielding enclosure to prevent any outside interference.

"This patch gap was a common factor in many of the IoT devices compromised during the contest," Gorenc told TechCrunch.

An integer overflow bug happens when a mathematical operation tries to create a number but has no space for it in its memory, causing the number to overflow outside of its allotted memory. That can have security implications for the device.

When reached, Amazon said it was "investigating this research and will be taking appropriate steps to protect our devices based on our investigation," but did not say what measures it would take to fix the vulnerabilities — or when.

The Echo wasn't the only internet-connected device at the show. Earlier this year the contest said hackers would have an opportunity to hack into a Facebook Portal, the social media giant's video calling-enabled smart display. The hackers, however, could not exploit the Portal.

Security flaws in a popular smart home hub let hackers unlock front doors

Amazon has another Echo sale with up to $60 off .
To get November (and the holiday shopping season) off to a flying start, Amazon has put many of its Echo devices on sale, including some of its more recent Alexa-powered gizmos. For instance, you can snag yourself or a loved one an Echo Show 5, which Amazon revealed in May, for $60 (down from $90). The Echo Dot (the one with a clock) has only been available for a little over a month, but you can already save $20 -- it's on sale for $40. TheThe Echo Dot (the one with a clock) has only been available for a little over a month, but you can already save $20 -- it's on sale for $40. The third-generation, clockless version of the smart speaker is discounted from $50 to $30, and Amazon is also offering the Echo Dot Kids Edition for $20 cheaper at $50.

—   Share news in the SOC. Networks

Topical videos:

usr: 0
This is interesting!