Root, on an Amazon Echo Dot

The Amazon Echo has become a must-have device for many who are indifferent to its privacy implications. It's easy to forget that this isn't an entirely new product anymore, with older examples now old enough to no longer receive security updates. A surprise is that, far from being mere clients of Amazon's cloud services, they actually run a version of Android. This makes old Dots interesting for experimenters, but first, is it possible to get root access? [Daniel B] succeeded, on a second-gen Echo Dot.

In a way this is not new, as root has already been obtained on an Echo Dot by means of a patched kernel. Echo devices use a chain-of-trust boot process in which each successive step must verify the Amazon signature of the previous one. The kernel patch method breaks the ability to reboot the device with root access. [Daniel's] method bypasses this chain of trust by using a custom preloader injected over USB via an exploit. The custom preloader skips the checks completely.

For example, [Daniel] has created a web server on his Dot, which can stream audio captured by the device. Don't panic just yet - an analysis of other security features suggests this isn't the dangerous exploit it might seem. This does, however, open up these powerful but now fairly cheap devices as potentially usable for other purposes, which can only be a good thing.

We've already featured [Daniel]'s work extracting WiFi details from a Dot.
