Hackers can steal sensitive data via Amazon Echo: keep an eye on cybersecurity

Last updated: August 05, 2017

Modern IT companies create a huge number of devices for multiple needs of their customers.

All of them are produced to make our lives more comfortable. Still, hackers do not rest on their laurels and invent brand-new contraptions for attacking their poor victims.

Want to know how the users of the Amazon Echo can be compromised?


Researchers from MWR InfoSecurity found out the way how malicious technicians can make the Amazon Echo into a hidden listening device.

They are able to perform this even without influencing the functioning of it. It has been discovered that the device is susceptible to physical interfering.

The attackers can gain the root shell on the Linux OS and set up scumware. With the help of the Amazon Echo hackers can overhear the users’ activities and steal sensitive credentials.


The research group managed to get into the Amazon Echo device and access 18-bug pads, then to boot into device’s firmware. They also didn’t fail to setup scumware which made them to get access listening microphones.


Having investigated the possible scenario of hacking, they revealed the way media information was transported and stored by attackers. The script is needed for leveraging the instruments on the device to pass the info to a remote server.


It is stated that the versions of 2015 and 2016 are susceptible to such physical attacking. As far as the latest version of 2017 is concerned, its vulnerability has not been proved.

It is necessary for manufacturers to care about both physical and digital security of the devices they produce.


The InfoSecurity group suggested some preventive measures to avoid stealing users’ sensitive data via the Amazon Echo:

  1. The mute button is on.

If you mention any sensitive data, you are recommended to turn the microphone off so that any prying eye could steal it.

  1. Monitoring strange activity

You can’t identify hacking physically, but it is possible to track strange activities on the network.

  1. Don’t buy second-hand Amazon Echo devices

By purchasing second-hand, you might impose yourself hacking as the attack is possible after physical interfering.

  1. Perform a secure VPN connecting

Beyond all doubt, VPNs make Internet connecting safer. When you apply a VPN, your sensitive information is codified with data encrypting tools. This makes your traffic invisible for the netizens. Even if hackers manage to intercept it, they can’t open because of encrypting.


Thus, the manufacturers of the Internet enabled gadgets should pay strong attention to cybersecurity of the consumers. Nevertheless, the customers themselves must keep an eye on it as well.