Blog:

Hacking the Echo echo echo

Ken Munro 16 Apr 2016

Some years ago, we discovered that Samsung smart TVs were listening to you and sending your voice over the public internet without encryption.

Now, home assistants such as Amazon Echo and Google Home are listening to you all the time. Fortunately, Amazon and Google appear to have taken security of their devices seriously & there don’t appear to be any significant security flaws found in recent versions.

So, hacking Alexa isn’t really an option, despite its awesome potential.

A while back we looked at Google Chromecast. It’s possible to stream (or ‘cast’) arbitrary YouTube content to a Chromecast without any authentication.

Interesting…

Many smart TVs also allow content to be cast wirelessly, so long as one has cracked the users Wi-Fi key.

Assuming the Wi-Fi key hasn’t been changed from default, or is crackable (~10 chars or less) then it’s a trivial matter to crack the key and connect to the TV.

‘Casting’ to a Chromecast will usually power on the TV, so even if it’s been switched off, the attacker can fire it up.

‘Hacking’ Alexa

So we can have the TV play arbitrary Youtube content. Time to get recording some video!

Here’s Alex Lomas dulcit tones saying ‘Alexa, boil the kettle’

<embed vid>

And here’s the kettle doing it’s thing to order

<embed vid>

So what?

What if you’ve enabled the Alexa recipe for your smart door lock?

‘Alexa, unlock door’

What if you’re away from home whilst the weather is freezing

‘Alexa, set thermostat to 5 degrees’

Note that Nest thermostats have a safety temperature to prevent pipes freezing. I’m looking into how one can disable that…

‘Alexa, turn off the lights’ or ‘Alexa, close the curtains’

Creepy… Particularly if you’re home alone and your TV starts talking to Alexa randomly.

<more to add>