Two security researchers were able to hack into an Amazon Echo Show 5 by exploiting a bug in the device during a hacking contest.
The researchers won the ‘Pwn2Own’ contest after they were able to hack the Alexa-powered smart display through an old flaw.
The Echo Show uses an old version of Chromium that leaves the smart device vulnerable to attacks. The researchers were able to take advantage of the out-of-date code and take full control of the smart display if it was connected to a malicious Wi-Fi hotspot.
This kind of vulnerability where an older software has been patched onto other platforms is called a “patch gap.” This type of flaw was apparently present in a number of IoT devices at the contest.
Amazon has said that it is “investigating this research and will be taking appropriate steps to protect our devices based on our investigation.”
However, it did not say how it would be addressing the vulnerability or when it will roll out a fix for the flaw.
Interestingly, hackers at the contest attempted to hack into a Facebook Portal, which is a video calling smart display, but were unable to do so.