The latest generation of virtual, voice-activated personal assistants is here. With some of the most popular systems coming from the likes of Google and Amazon, consumers readily trust these services to secure their transmissions and protect their sensitive data. It's easy to get lulled into a false sense of safety when using devices like Google Home and Amazon Echo, but they're not always as secure as they seem.
From an IT expert's viewpoint, it's easy to see the potential hazards of such systems. Complete with built-in microphones and the ability to begin recording – in theory – at any time, these devices are a hacker's dream. And they've already started exploiting various bugs and holes in their programming.
Targeting Amazon Echo
In mid-2017, a British IT security expert uncovered a way to install custom malware onto any Amazon Echo device. His code template, which was published online for all to view, made it possible to initiate streaming audio – without the original owner's knowledge – at any time.
As troubling as the finding was, it's an exploit that isn't likely to affect many Echo users. For one, any hackers trying to exploit a system via this method would require physical access to the device. They would also need enough time to hack into the system and install the malicious software without the target's knowledge. It also only affects Echo devices manufactured before 2017 – any recent ones aren't vulnerable to the exploit.
But that's only one specific method that only targets one brand – the Amazon Echo. What happens when attacks become more sophisticated and capable of affecting devices from multiple manufacturers? We've already seen some of the results.
Gaining Access to Echo and Home
A separate exploit, uncovered in late 2017, is far more advanced than the earlier Amazon Echo hack. Since it also affects Google Home devices, and because it doesn't even require physical access to the target system, the BlueBorne exploit – as it's being called – has the potential to affect up to 20 million consumers.
The earlier hack – from mid-2017 – never saw any widespread delivery. It was only detailed and published online – primarily to create awareness. BlueBorne, on the other hand, is already working its way into virtual personal assistants all around the world – and many of the owners don't even know.
Users don't even need to click on any links or install any third-party software to activate the hack. BlueBorne utilizes a hole in the Linux kernel of the Amazon Echo and a known vulnerability in the Bluetooth stack of the Android-powered Google Home device.
Once BlueBorne infects a device, it easily makes its way onto the other systems and devices that share the network. Both Amazon and Google issued separate patches that prevent the attacks from occurring, but many devices remain unpatched.
Giving Up Privacy for Technology
As if consumers didn't have enough trouble from online threats and viruses, know they're inviting them into their living room with the current generation of virtual personal assistants. Although they provide a new luxury that does make everyday life a little bit easier, is it really worth the tradeoff?
Bluetooth Hack Lets Hackers Take Control of Your Amazon Echo Device
No comments yet. Sign in to add the first!