Smart devices, indeed!
Once compromised, the devices could wake themselves up and start executing commands issued by the remote attacker.
The researchers tested the attack mechanism successfully on both third- and fourth-generation Echo Dot devices.
Waldemar Brandt / Unsplash
Interestingly, this hack doesn’t depend on rogue speakers, which further reduces the complexity of the attack.
Moreover, the researchers note that the exploitation process is rather simple.
In one, the attacker would need a smartphone or laptop within the speakers' Bluetooth-pairing range.
Andres Urena / Unsplash
The researchers note this method involves tricking the targeted user into downloading a malicious Alexa skill to the Echo.
However,Amazon saysall submitted skills are vetted before going live on the Alexa skills store.
After compromising an AP, the attackers would either hunt around for more details or just conduct outward-facing attacks.
Schell isn’t surprised.
