A security researcher found a way to break into an Amazon Echo smart speaker and turn it into a "wiretap," according to a British cybersecurity company. MWR Infosecurity researcher Mark Barnes discovered that you can gain access to a 2016 Echo's Linux operating system and install malware without leaving physical evidence of tampering.
"Such malware can grant attackers persistent remote access to the device, steal customer authentication tokens, and enable them to stream live microphone audio to remote services without altering the functionality of the device," the company said in a blog post.
You might not need to panic quite yet. MWR pointed out that Amazon has addressed this weakness in its 2017 Echo devices, and someone would have to have direct access to the speaker to install the malware.
"However, product developers should not take it for granted that their customers won't expose their devices to uncontrolled environments such as hotel rooms," the company said.
Amazon confirmed in a statement that the 2017 Echo doesn't have the vulnerability.
"Customer trust is very important to us," an Amazon spokesperson said. "To help ensure the latest safeguards are in place, as a general rule, we recommend customers purchase Amazon devices from Amazon or a trusted retailer and that they keep their software up-to-date."