business news in context, analysis with attitude

The Telegraph reports that researchers with the MWR security consultancy are saying that they've found a flaw in the operating system built into Amazon's Echo voice-activated computer device, one that can "turn the Echo speaker into a 'wiretap' that sends all recordings to a hacker's computer in a security flaw that will confirm consumers' fears about the 'always on' listening device. The vulnerability could let cyber criminals listen to microphone recordings, see an owner's Amazon credentials, steal sensitive information, and takeover the device."

According to the story, "The hardware vulnerability is found in ports used to debug the device, which are hidden underneath a flap on the base of the speaker. Hackers could attach a malicious storage card to these without the user knowing that would give them access to the operating system of the Echo.

"From here, they could infiltrate the user's Amazon account, the apps on the speaker, and the system that is always listens for the wake word, normally 'Alexa.' The latter would allow them to hear all conversations that happen in the vicinity of the speaker ... The hack requires physical access to the Echo, but it is very difficult to see when a device has been tampered with. "

The Telegraph reports on Amazon's response to the revelation: ""To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date."
KC's View:
Well, I must admit that I find the Amazon response to be a little less than confidence-inducing. While the story makes clear that this really only is a problem with early versions of the Echo, and then likely only when one has bought it from someplace other than Amazon, it isn't as reassuring as I'd like it to be.

The story also mentions, by the way, that the MWR researchers say that "customers should mute their devices when they are not in use and to avoid placing the Echo in a public place, such as a hotel room or office." Which strikes me as somewhat limiting, especially in terms of what Amazon's ambitions probably are.