logo
allArticlesConferencesPresentations

Breaking Smart Speakers: We are Listening to You.

Conference:  Defcon 26

2018-08-01

Summary

The presentation discusses the process of exploiting vulnerabilities in Amazon Echo devices and the importance of firmware extraction and web plus binary vulnerability in remote code execution.
  • The vulnerabilities found in Amazon Echo devices have been reported to developers and fixed with security patches.
  • Firmware extraction and web plus binary vulnerability are important in remote code execution.
  • The process of exploiting vulnerabilities involves using attacking primitives to override SSL right pointers and execute shellcode.
  • The success rate of the exploit is about 8% and takes an average of 13 minutes.
  • A demo video is available to show the process of exploiting vulnerabilities.
The presentation includes a demo video of a normal Echo Dot being exploited using the described process.

Abstract

In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function is becoming more powerful, its security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary.In this talk, we will present how to use multiple vulnerabilities to achieve remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we're also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice.
Materials:
Tags:

Post a comment

Related work

Warshopping - further dalliances in phreaking smart shopping cart wheels, RF sniffing and hardware reverse engineering.

Conference:  Defcon 31
Authors: Joseph Gabay
2023-08-01

Grand Theft House: RF Lock Pick Tool to Unlock Smart Door Lock

Conference:  Black Hat Asia 2023
Authors: Seungjoon Lee, Kwonyoup Kim, Seokhie Hong
2023-05-11

Having fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices

Conference:  Defcon 26
Authors:
2018-08-01

Fatal Fury on ESP32: Time to Release Hardware Exploits

Conference:  BlackHat EU 2019
Authors:
2019-12-05

Light Commands: Hacking Voice Assistants with Lasers

Conference:  BlackHat EU 2020
Authors:
2020-12-10

Unlimited Results: Breaking Firmware Encryption of ESP32-V3

Conference:  Black Hat USA 2022
Authors:
2022-08-10