This Tethered Root Lets You Run Your Own Code on Amazon's Second-Gen Echo Devices
The proof of concept also includes a way to exfiltrate audio while the device appears to be muted, but it is not remotely exploitable.
15-year-old semi-pseudonymous developer "Daniel B" has come up with a way to gain root access to second-generation Amazon Echo devices — including the ability to extract microphone data from the device over the network.
"Thanks to a debug feature implemented by Lab126 (Amazon's hardware development company) it is now possible to obtain a tethered root on the device," Daniel explains. "Thanks to strong security practices enforced by the company such as a chain of trust from the beginning of the boot process, this should not be a major issue. However, it is a great opportunity for people wanting to run their own software on the device (such as open source voice assistants)."
Using a previously published exploit to break the chain of trust, Daniel's software is able to push a patched preloader into memory over a USB connection — unlocking the otherwise-disabled debug features and gaining the ability to run custom code on Amazon's hardware. "This means it is a tethered exploit," Daniel notes, "as we are required to push the patched preloader by USB."
Exploring what root access means on the device, Daniel discovered some welcome security features remained. "To start with, the LED underneath the mute button cannot be disabled using software; it is controlled by the OS," he explains, "but can only be enabled from a root shell and not disabled. This means that if an attacker were to remotely access your Echo, they would be unable to listen in, provided it is on mute. There is also a process which filters logs before they are uploaded to ensure there is no sensitive information; this is a huge improvement from older Kindle devices which were known to upload exact GPS location and is much more privacy-friendly."
That doesn't mean it's entirely safe, however: proof-of-concept code released by Daniel allows both the microphone and the mute LED to be activated covertly, with recorded audio — captured while the device appears to be, but is actually not, muted — exfiltrated to a remote server. "If this exploit were untethered," he explains, "that could be a relatively significant issue, but thanks to the good practices of Lab126 during the design process, this would not be possible to start on boot."
The release of the software comes as engineer Justin Alvey takes an alternative approach to running custom code on a smart speaker system: replacing the PCB in a Google Nest Mini with a custom design powered by an Espressif ESP32-S3, programmed to run a custom personal assistant system dubbed Maubot and linked to OpenAI's GPT-3.5 for natural language processing and response.
Daniel's full write-up is available on his blog; a Python utility for rooting second-generation Echo devices is available on GitHub under an unspecified open-source license.