
Comments (3)

ewjmulder avatar ewjmulder commented on September 27, 2024 1

Hi Corey, thanks for reaching out.

No, this proxy will not solve your problem. This is because of the split of the communication between the Alexa device and the Amazon server on one side and the Amazon server and the skill on the other side. This proxy is placed between the latter communication points, intercepting the request from the Amazon server to the skill and vice versa. That request/response does not contain any audio data, just the resulting action / command / question in text that is directed at the skill.

The communication between the Alexa device and the Amazon server (containing the actual audio) is secured and fixed to only work with Amazon servers. I'm not sure how exactly, but I guess the Alexa device has a hardcoded URL to post to and Amazon certificates installed to identify the server. So tampering with that will be very hard to do. You can ask Pindrop how they did it but I suspect they have a deal with Amazon that enables them to test with a modified Alexa device.

Good luck & regards, Erik

from alexa-proxy.

CoreyCole avatar CoreyCole commented on September 27, 2024

Thank you for going out of your way and for providing me with a detailed and informative answer! If it is of any interest to you, I've done more research on the topic and I think the way Pindrop did it is through a hardware vulnerability.

Basically, you boot the Alexa from an SD card which grants you root access. You can then copy over a script that streams the audio from the always-listening microphones to a 3rd party server. This only works with 1st generation, 1st iteration Echo devices.

You can read about it here:

Alexa, are you listening? Mark Barnes, 1 August 2017
https://labs.mwrinfosecurity.com/blog/alexa-are-you-listening

Amazon Echo Hardware Root via eMMC Debug Pins by echohacking on github
https://github.com/echohacking/wiki/wiki/Echo

A Survey of Various Methods for Analyzing the Amazon Echo, The Citadel, The Military College of South Carolina
https://vanderpot.com/Clinton_Cook_Paper.pdf

from alexa-proxy.

ewjmulder avatar ewjmulder commented on September 27, 2024

Hi Corey, thanks for your reply. Very interesting to read about the hardware hack. That seems like a plausible way for Pindrop to do what they did. If you're a bit handy with that you could use it too if you have a vulnerable device. Either way, good luck with your demo!

from alexa-proxy.
