Turning the Amazon Echo speaker into a surveillance tool apparently isn’t too difficult for those with access to the hardware. On Echo units sold before 2017, removing the rubber base exposes a set of metal connection pads. Security researcher Mark Barnes was able to solder a laptop cable and SD card hookup to these pads, allowing him to load eavesdropping malware onto the speaker. He claims that with a bit more work, someone could create a custom connection device to hide inside the Echo base, no soldering required.
Granted, you probably have bigger problems at hand if someone breaks into your house undetected. But as Wired notes, the hack has frightening implications for Echo devices installed in communal settings, such as hotel rooms. (In response, Amazon told Wired, “We recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up to date.”) And while Echo speakers produced in 2017 are apparently safe, earlier versions may not be fixable since the vulnerability exists at the hardware level. Maybe think twice about spilling gossip around the office Echo next time.