英国安全研究员展示了亚马逊回声,Wi-Fi连接的智能扬声器,可以在没有主人的知识的情况下变成监视工具。
Wired reports该设备可以在其网站上hacked in just a few minutes without leaving any evidence. A hacker would need physical access to the Echo, and the technique works only on devices that were sold before 2017. However, the researcher, Mark Barnes, says there is no software fix for the modification and homeowners would have no way of knowing the device had been altered.
Echo是“东西互联网”的一部分,允许其所有者访问互联网的设备,转动热量,锁定和解锁窗户和门,并与周围的世界数字互动。随着额外的便利内容增加了隐私风险。
In this case, Wired says, Barnesexplained his technique并提供“概念证明”代码,该代码将允许回声将音频信号传输到其他地方的服务器,基本上将回声转换为始终导通窃听。
“The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering,” Barnes writes. “Such malware could grant an attacker persistent remote access to the device, steal customer authentication tokens, and the ability to stream live microphone audio to remote services without altering the functionality of the device.”
Barnes’s technical paper details how the hacker would gain access to tiny pads on the base of the Echo by removing a rubber base. Barnes soldered in connections to an SD card and his laptop, allowing him to bypass the system’s authentication measures and install his own software. With a little more development, Barnes says, it would be possible to make the connections in just a few minutes.
The software modifications allow Barnes to take over the Echo’s microphones and stream audio to any remote computer he selects. The changes also would allow a hacker to gain access to other parts of the owner’s network, including the owner’s Amazon account, and install ransomware, Wired said.
Amazon has fixed the flaw in the most recent versions of Echo. Barnes, however, warned that people should be wary of the security risks of Echos that are installed in public and semi-public spaces — such as hotel rooms.
2 Comments
Not just that
I've probably posted this here already, but I can drive down the streets in the town near me with a friend who runs a security business and open garage doors, listen to conversations, watch babies sleeping and view security camera images - all this in houses without connections to the new generation of smart appliances and controls. None of which have even rudimentary security features.
相同的是连通的汽车,说话娃娃,智能电视,冰箱和上帝都知道还有什么。对您或您的数据感兴趣的任何群体都有很多来源来挖掘它。
If someone is inside your
如果有人在你的房子里面,有很多东西可以修改或安装侦听设备。再担心一个。
IMO, far worse is the fact that your laptop or phone can be hacked to be a listening device - without needing physical access.
Log in or create an account to post a comment.
Sign up Log in