Researchers from the University of London and Catania University have discovered how to weapon Amazon Echo devices for self-attack. To get the device to play a maliciously crafted recording, the attacker needs a smart phone or laptop within Bluetooth pairing range. Unlike Internet-based attacks, this scenario requires proximity to the target device.
Once paired, the Bluetooth device can connect and disconnect from the Echo without having to perform the pairing process again. Therefore, the real attack could occur within a few days of pairing. The research prompted Amazon to patch the command self-publishing vulnerability, which was caused by a long period of silence caused by interrupting tags, as demonstrated by the researchers. They also set up systems to continuously monitor for potentially malicious behavior in real time.
Dan Xu
Leave a Reply