Amazon Echo vulnerable to old security flaws

(Image credit: Amazon)

Security experts have warned that Amazon Echo devices could still be susceptible to a range of flaws.

A team known as Flouroacetate were able to hack into an Amazon Echo device due to shortcomings in the security software used to protect the device.

Hackers exploiting this "patch gap" would be able to overload an affected device to hijack the Echo, and possible even then gain access to a victim's home network.

Full control

The findings were enough for the Fluoroacetate team to win the Pwn2Own hacking contest, which is held every year to highlight security flaws in modern-day devices.

They used an Amazon Echo Show 5, which as an older release was particularly at risk due to not being eligible for some of the latest security patches sent out by Amazon.

In this case, the device was found to be using an older edition version of Google's Chromium browser engine, which had been forked during its development. The Fluoroacetate team were able to target this outdated code through the use of an integer overflow JavaScript bug and a malicious Wi-Fi network to hijack the device and take "full control".

The team, who netted $60,000 in bug bounties as their prize, shared the findings with Amazon, which has said it will be "investigating" the flaws and would take "appropriate steps" to protect its devices.

Via TechCrunch

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.