It's a fact of modern life that many of us forget—the phones, computers, and other connected devices we depend on can often be used against us as secret listening devices. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.
To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren't likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.
Enter evil maid
So-called "evil maid" attacks—so named because they're carried out by a house cleaner or other person who has brief access to a target's devices—are valid hacks Microsoft, Apple, and other manufacturers include in their threat modeling. And now, following a proof-of-concept hack by MWR Labs security researcher Mark Barnes, those types of threats are a reality millions of Echo users must consider as well.