Comments (3)
Hi Corey, thanks for reaching out.
No, this proxy will not solve your problem. This is because of the split of the communication between the Alexa device and the Amazon server on one side and the Amazon server and the skill on the other side. This proxy is placed between the latter communication points, intercepting the request from the Amazon server to the skill and vice versa. That request/response does not contain any audio data, just the resulting action / command / question in text that is directed at the skill.
The communication between the Alexa device and the Amazon server (containing the actual audio) is secured and fixed to only work with Amazon servers. I'm not sure how exactly, but I guess the Alexa device has a hardcoded URL to post to and Amazon certificates installed to identify the server. So tampering with that will be very hard to do. You can ask Pindrop how they did it but I suspect they have a deal with Amazon that enables them to test with a modified Alexa device.
Good luck & regards, Erik
from alexa-proxy.
Thank you for going out of your way and for providing me with a detailed and informative answer! If it is any interest to you, I've done more research on the topic and I think the way pindrop did it is through a hardware vulnerability.
Basically, you boot the alexa from an SD card which grants you root access. You can then copy over a script that streams the audio from the always-listening microphones to a 3rd party server. This only works with 1st generation, 1st iteration echo devices.
You can read about it here:
Alexa, are you listening? Mark Barnes, 1 August 2017
https://labs.mwrinfosecurity.com/blog/alexa-are-you-listening
Amazon Echo Hardware Root via eMMC Debug Pins by echohacking on github
https://github.com/echohacking/wiki/wiki/Echo
A Survey of Various MethodEnroll Voice s for Analyzing the Amazon Echo, The Citadel, The Military College of South Carolina
https://vanderpot.com/Clinton_Cook_Paper.pdf
from alexa-proxy.
Hi Corey, thanks for your reply. Very interesting to read about the hardware hack. That seems like a plausible way for Pindrop to do what they did. If you're a bit handy with that you could use it too if you have a vulnerable device. Either way, good luck with your demo!
from alexa-proxy.
Related Issues (1)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from alexa-proxy.