CNET logo Why You Can Trust CNET

Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission. Reviews ethics statement

A researcher turned an Amazon Echo into a makeshift wiretap

Don't get too worried: Someone would have to get physical access to your smart speaker to make it possible to listen in.

Ashlee Clark Thompson Associate Editor
Ashlee spent time as a newspaper reporter, AmeriCorps VISTA and an employee at a healthcare company before she landed at CNET. She loves to eat, write and watch "Golden Girls" (preferably all three at the same time). The first two hobbies help her out as an appliance reviewer. The last one makes her an asset to trivia teams. Ashlee also created the blog, AshleeEats.com, where she writes about casual dining in Louisville, Kentucky.
Ashlee Clark Thompson
Watch this: An Amazon Echo was rigged for wiretapping

A security researcher found a way to break into an Amazon Echo smart speaker and turn it into a "wiretap," according to a British cybersecurity company. MWR Infosecurity researcher Mark Barnes discovered that you can gain access to a 2016 Echo's Linux operating system and install malware without leaving physical evidence of tampering.

"Such malware can grant attackers persistent remote access to the device, steal customer authentication tokens, and enable them to stream live microphone audio to remote services without altering the functionality of the device," the company said in a blog post.

Enlarge Image

A researcher in Great Britain found a way to turn the Amazon Echo smart speaker into a makeshift wiretap.

Chris Monroe/CNET

You might not need to panic quite yet. MWR pointed out that Amazon has addressed this weakness in its 2017 Echo devices, and someone would have to have direct access to the speaker to install the malware. 

"However, product developers should not take it for granted that their customers won't expose their devices to uncontrolled environments such as hotel rooms," the company said.

Amazon confirmed in a statement that the 2017 Echo doesn't have the vulnerability.

"Customer trust is very important to us," an Amazon spokesperson said. "To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date."