New Virtual Assistant can Track Your Activities at Home

News Analysis: If you think that the Amazon Echo and its ability to be a stealthy listening device is not alarming, well you have another thing coming.

Amazon Echo’s virtual assistant, Alexa does not seem to pose any threats on a first glance for a third party to hear you talking to it since saying “Alexa, order me an Uber” and other mundane requests like request for time, weather and more is already being shared with your credit card company, Uber and obviously, the Alexa application on your device.

However, broadcasting other sensitive words like asking the symptoms for a sexually transmitted disease or like asking for the number of a bankruptcy lawyer which is such a sensitive query and something that you wouldn’t want to share. Thankfully though, the Amazon app keeps any queries, sensitive or not confidential and that you can only view those queries on your Alexa application on your device, but assuming that your virtual assistant did more than just listening to any action words, “Alexa” for Amazon Echo, “Hey Siri” for an iOS device. And assuming that your device also transmits any words you say to a remote location that could hear and record by a third party, raises red flags and is quite alarming, considering the fact that just recently, instructions in hacking Amazon Echo was published by security researchers in the UK, Mark Barnes with MWR Labs. According to them, hacking the app is quite trivial even though it may require physical access to the device you want to hack. The important thing is, beating the hack is easy, and that is if you know that your Amazon Echo app has been messed with. However, it can be very hard to tell if your Amazon Echo is compromised or not just by checking it simply. This is not an easy task to make, so if you’re well-versed with these kinds of things, you have to take a look inside the Linux-based operating system of the device to check if the device has been rooted. Apart from that, it can also be pretty difficult to tell if the app itself is tampered when you are using it for the hack does not interfere with the basic functionality of the device.

Hacking the Echo works by getting access to the sixteen debugging pads located at the bottom of the app. These debugging pads are basically electrical connectors that are underneath the rubber cover of your Amazon Echo. All you have to do is to peel the cover off and boot the device from an SD card as stated by the researchers in The Citadel in South Carolina. So it is possible to boot the Echo from an SD card if the access to the debug is successful and install a short script that has the instructions to listen to the microphones. After that, it sends the resulting data file to a remote location.

The first attempt in doing this is just a proof of the concept that took Mark Barnes a couple of hours to finish which left the Amazon Echo with wires all over the place. However, he also indicated that when you create a connector to fit the debug pads, the whole process could be done faster than a couple of hours it took the initial attempt in doing so minus the connector.

This may be an unnecessary alarm at first since your Amazon Echo is safe at home or even in your office. So what are the chances, right? On that note, also keep in mind that it’s always better to be safe than being tracked and monitored.

In the generation full of apps like Amazon Echo that can secretly monitor or track your activities, it’s better to have an app that lets you do the monitoring and tracking. A software-tracking and monitoring app called SMS Tracker Android is the perfect fit for you, unlike the Amazon Echo, with this app, what you see is what you really get – it does not have any other hidden function but to provide you all the information you need on the device you are keeping track with Provided you have the user’s authority to install the app, using this app does not transgress any privacy matter.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s