• MarTech Today
  • Sections
    • Ads
    • Marketing
    • Content
    • Sales
    • Analytics
    • Management
    • Resources
    • More
    • Home
  • Follow Us
    • Follow
  • MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Mgmt
  • Resources
  • More
  • Events
    • Follow
  • SUBSCRIBE

MarTech Today

MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Management
  • Resources
  • More
  • Events
  • Newsletters
  • Home
Martech: Marketing

Security firm shows how a second-hand Amazon Echo can become a spy

Smart speakers, locks, cameras and doorbells are also vulnerable, vpnMentor found.

Barry Levine on September 18, 2018 at 4:53 pm
  • More

When a smart speaker aggregates customer data, or a car dashboard highlights the nearest McDonalds, the marketer and the consumer assume the devices can be trusted.

But recent research by Israeli security firm vpnMentor raises red flags about whether the Internet of Things could turn into the Internet of Spying Things.

What vulnerabilities were discovered? The company recently announced the results of work by a group of “ethical hackers” it employed in March and April of this year.

In one project, the group was able to connect an SD card reader to a first-generation Amazon Echo and install malware that could listen in to the owners’ daily life or interfere with the Echo’s control of other household devices like smart locks or appliances.

The use case for this Manchurian Candidate-like Echo envisions that the hacked speaker was purchased as a used smart speaker on the open market.

Peter Campbell, CEO of vpnMentor’s PR firm, Kaizensearch, said that Amazon corrected the speaker’s vulnerability in the second-generation Echo — but there is no Amazon program to certify any used smart speaker. If some enterprising hacker is able to crack future generations of Echos and they are bought on the used device market, the same infiltration can occur.

He added that Amazon does recommend the owner of a used smart speaker update the firmware, but that assumes the owner knows what to do.

What else did they hack? In another example, the first generation of the Ring smart doorbell was also hacked by vpnMentor. But, Campbell pointed out, that brand doesn’t list the product by generation, so any buyer of a used Ring doorbell is on their own.

vpnMentor was also able to remotely control the Samsung Smart Camera, which is also not listed by generation, and it was able to compromise the security for the August Smart Lock, the Kwikset Kivo Smart Lock and the TP-Link Smart Plug.

“A lot of people are buying smart devices second-hand,” Campbell said, “and failing to reset the firmware.”

Why does this matter to marketers? Imagine that, as in the novel “1984,” every TV was watching you as you watched it. In that environment, how much would consumers trust the advertising they see there?

Telephones have already started veering into becoming tainted devices. A phone call from an unknown party is viewed as suspicious by most people because of the large number of spam calls, and the same could happen if consumers begin to suspect that, say, their smart speakers are tracking them.

Marketers may well realize that brand safety is not just about whether the page or program where the brand’s ad is shown features controversial text or imagery. Safe brand neighborhoods can also include the trust afforded to a given device, so marketers would best target their messages toward the devices that maintain that trust.

UPDATE 9.20.18:

The August brand sent us this statement:

The vulnerability [described above] is not incredibly realistic or common. It involves giving someone Owner access to your lock, revoking it, and them putting their phone into Airplane mode, going to your house and unlocking the door, still in Airplane mode.

The company also noted that “the report rated the August lock as safe (on a scale from Very Unsafe to Very Safe),” and that the risk of buying smart products secondhand “isn’t true for August [because the] cryptographic keys are reset each time the lock is set up — so there isn’t a risk there.”



About The Author

Barry Levine
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.

Related Topics

Channel: Martech: Marketing

Subscribe to receive daily martech news and expert insights. See terms.


We're listening.

Have something to say about this article? Share it with us on Facebook and Twitter.

Get the daily newsletter digital marketers rely on.
See terms.

ATTEND OUR EVENTS

MarTech 2021: March 16-17

MarTech 2021: Sept. 14-15

MarTech 2020: Watch On-Demand

×

Attend MarTech - Click Here


Learn More About Our MarTech Events

White Papers

  • The State of Local Marketing Report 2020-2021
  • Quality CRM Data: The Key to Delivering Great Customer Experiences
  • How the Microsoft Search Network Can Maximize Your Search Campaigns
  • The Marketer’s Playbook for Customer Acquisition
  • How To Optimize SEO With UGC
See More Whitepapers

Webinars

  • How to Avoid the Digital Transformation Trap
  • How to Build a Marketing System of Record
  • Meet BIMI: The brand-boosting email security marketers must have for 2021
See More Webinars

Research Reports

  • Local Marketing Solutions for Multi-Location Businesses
  • Enterprise Digital Asset Management Platforms
  • Identity Resolution Platforms
  • Customer Data Platforms
  • B2B Marketing Automation Platforms
  • Call Analytics Platforms
See More Research

Receive daily martech news and analysis.
Martech Today
Download the Martech Today app on iTunes
Download the Martech Today App on Google Play

Channels

  • Advertising
  • Marketing
  • Content
  • Social
  • Commerce
  • Sales
  • Analytics
  • Management
  • Home

Our Events

  • MarTech
  • SMX

Resources

  • White Papers
  • Research
  • Webinars
  • MarTech Conference

About

  • About Us
  • Contact
  • Privacy
  • Marketing Opportunities
  • Staff
  • Connect With Us

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • Instagram
  • RSS
  • iOS App
  • Google Play

© 2021 Third Door Media, Inc. All rights reserved.

Your privacy means the world to us. We share your personal information only when you give us explicit permission to do so, and confirm we have your permission each time. Learn more by viewing our privacy policy.Ok