英国安全研究员展示了亚马逊回声，Wi-Fi连接的智能扬声器，可以在没有主人的知识的情况下变成监视工具。

Wired reports该设备可以在其网站上hacked in just a few minutes without leaving any evidence. A hacker would need physical access to the Echo, and the technique works only on devices that were sold before 2017. However, the researcher, Mark Barnes, says there is no software fix for the modification and homeowners would have no way of knowing the device had been altered.

Echo是“东西互联网”的一部分，允许其所有者访问互联网的设备，转动热量，锁定和解锁窗户和门，并与周围的世界数字互动。随着额外的便利内容增加了隐私风险。

In this case, Wired says, Barnesexplained his technique并提供“概念证明”代码，该代码将允许回声将音频信号传输到其他地方的服务器，基本上将回声转换为始终导通窃听。

“The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering,” Barnes writes. “Such malware could grant an attacker persistent remote access to the device, steal customer authentication tokens, and the ability to stream live microphone audio to remote services without altering the functionality of the device.”

Barnes’s technical paper details how the hacker would gain access to tiny pads on the base of the Echo by removing a rubber base. Barnes soldered in connections to an SD card and his laptop, allowing him to bypass the system’s authentication measures and install his own software. With a little more development, Barnes says, it would be possible to make the connections in just a few minutes.

The software modifications allow Barnes to take over the Echo’s microphones and stream audio to any remote computer he selects. The changes also would allow a hacker to gain access to other parts of the owner’s network, including the owner’s Amazon account, and install ransomware, Wired said.

Amazon has fixed the flaw in the most recent versions of Echo. Barnes, however, warned that people should be wary of the security risks of Echos that are installed in public and semi-public spaces — such as hotel rooms.