The team created a rogue Echo by removing a flash memory chip from the device, modifying its firmware to get root access, and soldering the chip back onto the circuit board. The group then put the modified speaker on the same WiFi network as untouched Echos. The researchers combined Amazon’s whole-home communication protocol with flaws in the Alexa interface (including address redirection, cross-site scripting and web encryption downgrades) to gain full control over victims’ speakers, including silently recording audio and playing any sound they liked.
Amazon has already fixed the associated internet vulnerabilities. Even so, the likelihood of a real-world attack was small. A would-be eavesdropper would have to know how to disassemble the Echo, identify (and connect to) a network with other Echos and chain multiple exploits. The attack would be most useful in hotels and other places where a hacker could both expect smart speakers and hang out without drawing too much attention. If there’s a larger concern, it’s that this demonstrates a snooping exploit is possible in the first place, no matter how unlikely it may be.