In brief: Fears that smart speakers quietly listen to our conversations have been around since the devices first hit the market, but they've been dismissed as paranoia by most customers. However, a team of Tencent security researchers recently found a way to hack Echo devices and hear through them, lending credence to those concerns.
Concerns that smart speakers like the Google Home or Amazon Echo are "always listening" to users have mostly been dismissed as conspiracy theories.
However, whether these fears stem from paranoia or not, it seems there could be validity to them after all. In a conference announcement aptly titled "We Are Listening To You," security researchers from Tencent's Blade Team say they recently found vulnerabilities in Echo smart speakers.
These vulnerabilities allowed researchers to silently listen to what's being said on the other side of the speaker and control the speaker's audio, among other things.
Researchers explained the process to Wired, saying that they were able to modify a single Echo by removing its flash chip and writing their own firmware onto it. After doing so, they could attack other Echo devices using a "series of web vulnerabilities" present within Amazon's website and Alexa interface.
There were a few limitations to this method of attack. For example, researchers could only use it by getting their device on the same wifi network as a target Echo, which means it's unlikely that this hack was used in the wild.
Even if the risk to the end user was minimal, Tencent's researchers were quick to notify Amazon of their findings. This prompted the company to roll out a security patch back in July that addressed the issue.