A security team from Tencent Blade exposed new security vulnerabilities around smart speakers. Researchers Wu HuiYu and Qian Wenxiang gave a live demonstration at the DEFCON security conference on how to hack a smart speaker. The team used Amazon Echo smart speakers to present their attack program.
The researchers hacked the speaker by adding a malicious device embedded with an attack program. “After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and achieve remote eavesdropping,” the researchers said in a media report. “When the attack succeeds, we can control Amazon Echo for eavesdropping and send the voice data through a network to the attacker.”
The researchers notified Amazon of their findings before the presentation, and Amazon has already pushed a security patch to fix the issues.
“Customers do not need to take any action as their devices have been automatically updated with security fixes,” an Amazon spokesperson said in a statement. “This issue would have required a malicious actor to have physical access to a device and the ability to modify the device hardware.”
Researchers have been exploring various vulnerabilities on IoT devices that can cause potential information security threats for organizations and individuals. In its new research, cybersecurity solutions provider Check Point revealed how organizations and individuals are vulnerable to hacking through their fax machines. The research findings were presented by Check Point’s researchers Yaniv Balmas and Eyal Itkin at DEFCON 26. They stated that fax machines have security vulnerabilities which could possibly allow a hacker to steal data through a company’s network using just a phone line and a fax number. The researchers also showed how they were able to exploit security flaws in a Hewlett Packard all-in-one printer.