“Our attack, Alexa versus Alexa (AvA), is the first to exploit the vulnerability of self-issuing arbitrary commands on Echo devices,” noted the researchers. “We have verified that, via AvA, attackers can control smart appliances within the household, buy unwanted items, tamper with linked calendars and eavesdrop on the user.”

Friendly Fire

The researchers tested the attack mechanism successfully on both third- and fourth-generation Echo Dot devices. Interestingly, this hack doesn’t depend on rogue speakers, which further reduces the complexity of the attack. Moreover, the researchers note that the exploitation process is rather simple. AvA starts when the Echo device begins streaming an audio file that contains voice commands that trick the speakers into accepting them as regular commands issued by a user. Even if the device asks for a secondary confirmation to perform a particular action, the researchers suggest a simple “yes” command approximately six seconds after the malicious request is enough to enforce compliance.

Useless Skill

The researchers demonstrate two attack strategies to get the smart speakers to play the malicious recording.  In one, the attacker would need a smartphone or laptop within the speakers’ Bluetooth-pairing range. While this attack vector does require proximity to the speakers initially, once paired, the attackers can connect to the speakers at will, which gives them the freedom to conduct the actual attack anytime after the initial pairing.  In the second, completely remote attack, the attackers can use an internet radio station to get the Echo to play the malicious commands. The researchers note this method involves tricking the targeted user into downloading a malicious Alexa skill to the Echo. Todd Schell, Senior Product Manager at Ivanti, told Lifewire via email that the AvA attack strategy reminds him of how hackers would exploit WiFi vulnerabilities when these devices were first introduced, driving around neighborhoods with a WiFi radio to break into wireless access points (AP) using default passwords. After compromising an AP, the attackers would either hunt around for more details or just conduct outward-facing attacks. “The biggest difference I see with this latest [AvA] attack strategy is that after the hackers get access, they can quickly conduct operations using the owner’s personal info without a lot of work,” said Schell. Schell points out the long-term impact of AvA’s novel attack strategy will depend upon how quickly updates can be distributed, how long it takes people to update their devices, and when the updated products start shipping from the factory. To assess the impact of AvA on a larger scale, the researchers conducted a survey on a study group of 18 users, which showed that most of the limitations against AvA, highlighted by the researchers in their paper, are hardly used in practice. Schell isn’t surprised. “The everyday consumer is not thinking about all the security issues upfront and is usually focused exclusively on functionality.”