Mike Barnes, a researcher from MWR Infosecurity published details of hacking Amazon Echo. A vulnerability detected in the device allows an attacker with physical access to obtain superuser rights in the underlying Linux operating system and install malicious software. For the attack, an unprotected debugging panel is used, designed to view the boot process and configure the device.

The vulnerability is that the Echo device first tries to boot from the SD card connected to the debug panel.

A properly formatted SD card with X-loader and U-Boot in a specific section allows you to get full access to the file system of the device.

As a demonstration of the vulnerability, the researchers installed a backdoor to remotely control the device, and then redirected all audio data stream received from the microphone to the remote computer using the TCP / IP data transfer protocol.

This vulnerability is fixed in the latest version of the Amazon Echo firmware, but the 2015 and 2016 models are still vulnerable.