One of the dangers of modern technology is that most of our modern devices are possible targets for spying. We have smartphones, TVs, and tablets along with permanent internet connectivity that makes it easy for possible malicious use. We can add Amazon’s Alexa to that list of smart devices.
Before anyone starts disconnecting their Alexa devices, remember that this breach was on an older version of the device and that the vulnerability does not work on the new units. Also, this was a proof of concept and requires physical access to the Echo. The good news is that this does not work the Echo Dot or the Echo Tap.
Security researchers used a technique known as an “Evil Maid” attack that involves a house cleaner or maid who has brief access to a target device. All technology companies use this method as part of threat modeling, which is probably why the new Echo units do not have the vulnerability.
According to the researcher behind the proof-of-concept, it shows the importance for the manufacturers of these devices to take the security of these devices seriously: “This highlights privacy concerns people have about always-listening devices,” Barnes said. “It shows the need for developers to have security assessments of smart devices they develop and for organizations to gain assurance of the security posture of any products they purchase before installing them.”
Users who are concerned about the security of their products should check the Echo and look for a 2017 year of manufacture and a model number that ends with a 02.