Alexa, Can You Hear Me? Demystifying the Amazon Echo Through Theoretical Bug Hunting 

 



Complex software applications, networking protocols, authentication mechanisms, session management, data handling, data warehousing and mobile device interaction underpin the Amazon® Echo™ (Echo) and all the services it provides.

With such a large potential attack surface, anyone with a laptop, mobile phone and free open-source tools can begin to unravel the DNA of the Echo and the sensitive information it controls. With such a robust suite of interesting features and data-rich interactivity, security and data handling are paramount. This paper briefly documents how the Echo handles personally identifiable information, the application security measures that protect users’ data, and some potential soft spots in the Echo’s architecture and back-end cloud ecosystem, in order to explain how the convergence of multiple endpoint architectures provides a massive attack surface for hackers.