The Tencent Blade Team gave a live demonstration at the DefCon security conference on how to crack the world’s best-selling smart speaker, Amazon Echo, The Paper reported.
The Amazon security team had set up multiple security defense mechanisms for Echo, including the encryption and authentication of communication traffic, firewalls and SELinux security policies.
However, in the Internet of Things, any smart device can connect to the Internet and interact. Once one of these devices becomes a hacker target, the entire Internet of Things becomes threatened.
The Tencent Blade Team said that they took advantage of Amazon’s system mechanism which allows multiple devices to be interconnected. By adding a malicious device embedded with an attack program to the Internet of Things, the smart speaker could be cracked.
In this case, the Tencent Blade Team can not only remotely control Amazon Echo for recording, but also send recordings over the network to remote servers.
It is reported that Tencent gave all the details to Amazon in May, and by July, Amazon had fixed all the vulnerabilities.