Since Amazon presented and sold the Amazon Echo in 2014 (USA, 2016 in Germany and the UK), there were many concerns whether the voice controlled and cloud connected gadget spies on you and uploads all conversations that are in reach of the seven installed microphones. We took a closer look again at the Amazon Echo and the Amazon Echo Dot to prove or dispel some concerns.
The Amazon Echo as well as the Amazon Echo Dot uses a highly modified version of Unix as operating system. Although the Echo Dot has an USB connector, no wired communication is possible (e.g. via ADB). However, the fastboot-tool from the Android SDK showed us a connected device, but we were not able to unlock the bootloader, flash any files, or root the operating system.
Almost every communication channel of the Amazon devices uses TLS1.2 encryption with certificate validation/pinning. This technique prevented us to use a Man-In-The-Middle-proxy and read along the encrypted traffic.
One of the few unencrypted requests was an ordinary online check by requesting an Amazon page. Due to the fact, that all sensitive information will be transported encrypted, we only can make assumptions on what is transmitted to Amazon – but we cannot proof it.
We created a small scenario to evaluate what data might be sent over the internet. We opened up Wireshark and captured the traffic. The scenario was like
- ~8 seconds of a silent room
- Asking Alexa “What time is it?” and awaiting the answer (~6 seconds)
- ~8 seconds of a silent room
- “Alexa – tea, earl grey, hot” and await the answer (~5 seconds)
- ~23 seconds of a normal conversation between two people (not including any Alexa keywords)
The graph shows the transmitted bytes with a resolution of 100ms. It is noticeable that the traffic raises a significant amount, as soon as the “Alexa” keyword is spoken. We assume, that at these phases, the Echo uploads the voice recording to the Alexa Voice Service (AVS, https://developer.amazon.com/alexa-voice-service). As soon as Alexa finished the answer to our question the traffic drops to the previous level. Data transmitted in these idle phases might be device metrics, keep-alive and push messages. But it’s very safe to say, that the Echo devices do not upload recordings of the surrounding to Amazon. What we cannot rule out is if the Echo is recording all time (and saving the audio to the internal storage). If this is the case, Amazon may be able to access or upload these files via remote commands, e.g. in the case of a crime (https://www.forbes.com/sites/ianmorris/2016/12/28/amazon-echo-now-an-expert-murder-witness/ and http://edition.cnn.com/2017/03/07/tech/amazon-echo-alexa-bentonville-arkansas-murder-case/). Although Amazon assured that the devices only store the audio when the wake-up keyword is spoken.
We also tried to analyse differences in contacted webservices over a large timespan in the two scenarios idle mode and active usage. Unfortunately, the inspection tools were fairly useless for the in- and outgoing TLS-Stream. Both scenarios only showed connections to device-metrics-server of Amazon (and we assumed more for the latter scenario).
As stated above, we were not able to perform a man-in-the-middle-attack due to certificate pinning, but all captured SSL traffic was not safe in front of our tools – well, at least the metadata. The following screenshot shows an evaluated SSL capture during a firmware update.
In contrast to other researchers and enthusiasts trying to the hack the Amazon Echo Dot, we couldn’t observe that a firmware update is transmitted over an unprotected HTTP pipeline as stated e.g. in https://medium.com/@micaksica/exploring-the-amazon-echo-dot-part-1-intercepting-firmware-updates-c7e0f9408b59#7525 or https://blog.padil.la/2017/01/20/amazon-echo-dot-system-image/. As they downloaded a firmware image with the version 564196920 our Echo Dot already had the version 571207720 installed. Shortly after booting the Amazon Echo we observed a peak in data throughput. After about a minute the Echo downloaded 131MB from a CDN, most probably containing the data for a new firmware. Because the Amazon Echo App reported version 578223820 afterwards.
Because of the fact, that we were not able to catch any unencrypted requests to retrieve the firmware update, it is safe to assume that Amazon changed the OTA-Update-procedure in favour of a more secure way. Nonetheless we analysed the firmware 564196920 from the mentioned blog post and found a highly modified version of Android as operating system – most likely Amazon’s FireOS. There were also several apks packed in the firmware image, but we did not find any abnormalities.
The bigger Amazon Echo also was of interest by smart home enthusiast. Unluckily no one found a downloadable OTA-Update file, neither did we. Although some hackers were able to use the debug connection pad on the Echo motherboard to open a terminal and extract the filesystem (https://github.com/echohacking/wiki/wiki/Echo). The system image shows, that the Echo is running an Unix based operating system, but unlike the Echo Dot it does not seem to be based on Android/Fire OS.
The Amazon Echo and Echo Dot leaves mixed feelings with us. Although we are happy about every single encryption we find in our network traffic captures, there is always an underlying bad feeling about these new connected smart home devices. The multiple installed microphones are always able to listen to its surrounding and, because of the secure encryption, we cannot tell what data is transmitted to Amazon. So in the end everybody has to decide on its own, if trendy techniques and gimmicks are worth the risk of losing a part of your personal privacy.
The level of background/silence data transmission is surprising. According to the graph of “commands and silence” the background transmission from the Echo is about 1600 bytes per 100ms or 16kBs
1. At that rate I calculate 40GB per month in silence which doesn’t sound right (especially for Echo-maniacs with 5+ devices!)
2. 16kBs is enough bandwidth to send high quality mildly compressed audio back to the net (I’m not suggesting this is actually happening)
As context, Amazon’s AVS API (from Echo to AWS) uses 16kHz/16bit audio which is 32kBs (that excludes any compression they do and any encryption and networking overhead)
Can you confirm that the graph axes are labelled right. Perhaps some of that data is just LAN traffic that never hits Amazon servers.
Otherwise, your finding is not so safe:) “But it’s very safe to say, that the Echo devices do not upload recordings of the surrounding to Amazon”
thank you for your detailed comment! You are indeed right. The displayed rate is a bit too high and there are two reasons. The first reason is, that both uploads and downloads are included. The second reason is that an update for the device was downloaded during the generation of this network capture (pretty much no upload during silence).
We will create a new network capture and update the graph. Thanks again for pointing this out!
we have updated the graph now. Thanks again for pointing this out.
Thanks Maik! That looks like what Amazon says it should.
Pingback: OK, Google Home. What about privacy? – AV-TEST Internet of Things Security Testing Blog
Pingback: AV-TEST awards manufacturers for Approved Smart Home Security – AV-TEST Internet of Things Security Testing Blog
peek? or peak …….
Thanks for pointing this out, will be corrected in a moment.
Malik, thank you for providing this thoughtful analysis. It would be interesting to see a Wireshark analysis of a scenaio where you added an additional 6th step:
Asking Alexa “What time is it?” and awaiting the answer (~6 seconds)
so you could compare the traffic to what occurred after step 2. This might provide some evidence as to whether or not the device was transmitting recorded conversation prior to hearing the waje word.
One way to determine whether conversations are being sent or not would be to purchase two identical units. Wait for them to upgrade to the latest firmware, so you’re working from a level playing field, then put one in a quiet place while leaving the other in a communal area, then measure the difference in traffic sent from the two units.
Thx for real research i know it it hapen… dat sample packet what capture my SYNOLOGY router is bad.. really bad..
Is it true you are using WINDOWS (cmd prompt) to do this testing? wtf?
Some tools we use run as Windows command line tool, other tests are performed with Linux tools.
The Amazon Echo or any other home assistant may not be listening all the time. Your analysis shows a spike using trigger word. I pointed out on The Register most home routers use csma so any computer could being spied on and this would explain the excessive if not ridiculous amounts of data being dispatched from the local network. Wire shark is not the only predator on the planes.
Pingback: Ton smartphone t’écoute-t-il à l’insu de ton plein gré ? – Flint Dimanche #13 – Flint Times
I am concerned about privacy, but particularly the unencrypted data the echo dot appears to send constantly to amazon servers, but also akamai. At it’s worst the echo dot floods my router with packets, To the point at times, i have to unplug the device in order to use the internet for other things.
Pingback: Loup y es-tu ? Loup, m’entends-tu ? Avoir un micro activé par défaut chez soi | Vies privées numériques
Pingback: Sprachassistenten im Smart Home Bereich - JustBlog