MADRID, 5 Jul. (Portaltic/EP) –
The smart speakers of the series Amazon Echo keep personal information of their owners stored in its internal memory that remains even after device reset to its factory settings.
This is how the researchers from the Northwestern University of the United States, who have conducted an analysis of the security features of Amazon’s Echo smart speakers using reverse engineering techniques.
This analysis, according to its authors, “demonstrates the lack of protections for the user’s private data“, which exposes them to certain types of attacks in which the cybercriminal has physical access to the device.
In this way, it is possible for attackers to obtain sensitive personal information such as WiFi credentials, the physical location of the users or access to other smart devices such as security cameras or connected locks.
Likewise, the investigation has warned that Amazon Echo speakers They store user information in their internal ‘flash’ memory that remains even after a reset the device to factory settings, including passwords and ‘tokens’ of the previous user.
This error is due to the use of algorithms in the loudspeakers ‘flash’ memory and to the lack of encryption mechanisms on the device, according to the study authors.
To demonstrate the feasibility of these attacks, the researchers acquired 86 used Amazon Echo devices -especially third generation Echo Dots launched since 2018- in platforms like eBay, which claimed that they were certified refurbished devices but that they kept data from their previous owners.