Recent studies have proven that the Amazon Echo could be used to spy on its users by taking advantage of features. In a recent study by Mike Barnes, a researcher at MWR Infosecurity, proved that the Amazon Echo could used essentially as a Wiretap, without leaving a trace of evidence or tampering behind. Physical access to the device is required, in order to perform the bugging.
What is the Amazon Echo? This smart gadget is a voice activated “always listening” device that can play music, call or message friends and family, answer questions and can even control connected Smart Home devices including WeMo, Hive and Nest.
This “physical” vulnerability is found in Echo units made before 2017. If one were to remove the rubber base from the device, they would find small metal pads (connecting to the internal hardware) One of the tiny metal pads is used to read SD card data. By using that specific vulnerability, Barnes proved that it was possible to silently stream audio from the hacked Echo to a server far away.
The good news for Echo users is that Amazon has fixed the bug in the 2017 model. If you have an Echo model dated 2015 or 2016, you might want to consider purchasing the 2017 edition. As with any Smart technology, avoid purchasing used or second-hand models, potentially exposing yourself to owning a device that has been tampered with. If you find an Echo in hotel rooms, check the date to make sure it is a 2017 model. You can switch the Echo to mute when not actively in use, if it is not the newer version.