Hackers won $60,000 at Zero Day Initiative contest by targeting Amazon Echo

An outdated version of Google Chromium was the weak point in the Amazon Echo Show 5, which team Fluoroacetate selected as a target.

At the Pwn2Own hacking contest, a team of two white-hat hackers took the title after hacking an Amazon Echo.

Team Fluoroacetate, consisting of Amat Cama and Richard Zhu, bagged $60,000 after hacking an Alexa-powered smart display, the Amazon Echo Show 5. A bug in the device's web browser let them hack the device and take it over. It was their first-ever attempt in the Home Automation category.

The team found that the device uses an outdated version of Google Chromium, which gave them their way in. After that, the device can be fully controlled by an unauthorized person if it connects to a malicious WiFi network, said Brian Gorenc, director of Trend Micro's Zero Day Initiative, which put on the Pwn2Own contest.

Amat Cama and Richard Zhu of Fluoroacetate. Image: Zero Day Initiative

To prevent outside interference, the researchers worked inside radio-frequency shielding. Because the device had not been updated to the latest version of Google Chrome, a patch gap left it exposed to an integer-overflow bug. This kind of bug occurs when an arithmetic calculation produces a number that is too large for the memory space set aside for it, so the value overflows that space. This patch gap left the device vulnerable.
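The integer-overflow behaviour described above, as an added C example that is not from the original article and is not the Chromium bug itself: a 32-bit size calculation wraps around to a small value, and a checked version rejects it. The function names and the sample count are constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked: the product is reduced modulo 2^32, so a large element
   count silently wraps around to a small byte size. A buffer sized
   from this result would be far too small for the data. */
uint32_t unchecked_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Checked: refuse any request whose product does not fit in 32 bits.
   The division test runs before the multiplication, so nothing wraps. */
bool checked_size(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

int main(void)
{
    uint32_t count = 0x40000001u; /* constructed sample value */
    uint32_t size = 0;

    /* 0x40000001 * 4 = 0x100000004, which keeps only its low 32 bits. */
    printf("unchecked: %" PRIu32 " bytes for %" PRIu32 " elements\n",
           unchecked_size(count, 4), count);

    if (!checked_size(count, 4, &size))
        puts("checked: rejected, size does not fit in 32 bits");

    if (checked_size(1000, 4, &size))
        printf("checked: %" PRIu32 " bytes for 1000 elements\n", size);
    return 0;
}
```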

For the third consecutive time, team Fluoroacetate has pocketed the “Master of Pwn” title.


Amazon's response to this development was that it is “investigating this research and will be taking appropriate steps to protect our devices based on our investigation”.

Pwn2Own is a bug bounty event held in Tokyo, hosted by Zero Day Initiative. The contest gives white-hat hackers an opportunity to find previously unknown bugs in devices. In return, they are rewarded with whopping cash amounts. In total, the event awarded $195,000 for 12 bugs. The teams successfully made nine attempts to crack seven targets in five categories.

This event was the first time participants could target devices in the Household Automation category. Fluoroacetate also compromised a Sony X800G TV, and another team, Flashback, cracked the first Netgear Nighthawk R6700 router.
