Barnes hacked the Echo “You can make it do whatever you want, really,” Barnes tells Wired.
Barnes cites a paper The Echo hack is just the latest vulnerability reported in internet-connected devices. According to Proofpoint, hackers used smart TVs and smart refrigerators to send over 750,000 malicious phishing emails between 2013 and 2014. In March, a WikiLeak data dump revealed that the CIA can hack Samsung Smart TVs to stream audio picked up from the television’s microphone.
As an industry, the Internet of Things devices are woefully insecure, researchers say. Many Internet-of-Things devices are sold to customers with “exploitable firmware,” writes Ike Clinton and Lance Cook, students in Citadel’s Cyber Communications Command program, in their paper about Echo’s security flaws.
“The future of the Internet, and our highly technology-connected lives, depend on these devices to be secure,” Clinton and Cook write. The “fear,” they write, “is that someone with more malicious intent will find a vulnerability on key devices used by everyone, or the government.”