Security experts have warned that Amazon Echo devices could still be susceptible to a range of flaws.
A team known as Flouroacetate were able to hack into an Amazon Echo device due to shortcomings in the security software used to protect the device.
Hackers exploiting this “patch gap” would be able to overload an affected device to hijack the Echo, and possible even then gain access to a victim's home network.
- Amazon Black Friday sale prices revealed: Echo, Kindle and Fire TV device deals land
- Best home security systems of 2019: the best in smart home security
- Chromium-based Edge gets tracking prevention for better online privacy
Full control
The findings were enough for the Fluoroacetate team to win the Pwn2Own hacking contest, which is held every year to highlight security flaws in modern-day devices.
They used an Amazon Echo Show 5, which as an older release was particularly at risk due to not being eligible for some of the latest security patches sent out by Amazon.
In this case, the device was found to be using an older edition version of Google's Chromium browser engine, which had been forked during its development. The Fluoroacetate team were able to target this outdated code through the use of an integer overflow JavaScript bug and a malicious Wi-Fi network to hijack the device and take “full control”.
The team, who netted $60,000 in bug bounties as their prize, shared the findings with Amazon, which has said it will be “investigating” the flaws and would take “appropriate steps” to protect its devices.
Via TechCrunch
No comments yet.