Amazon Echo Show falls victim to an old flaw at hacking contest
The patch gap was a "common factor" in many of the Internet of Things hacks at the contest, Gorenc added.
This was the first time contestants could target devices in the Home Automation category, and there were a number of firsts beyond that. Fluoroacetate also compromised a Sony X800G TV (the first television target for Pwn2Own) through a JavaScript flaw in its web browser, while Team Flashback cracked the first router by using a buffer overflow to gain control of a Netgear Nighthawk R6700 router. Not everyone was successful, though -- a Facebook Portal withstood hacking attempts.
Amazon said it was "investigating" the Echo Show 5 hack and would take "appropriate steps" to safeguard its devices, although it didn't elaborate on what it would do or when. It's safe to say the result illustrated the security risks involved in making smart home devices. Companies may have to fork software (and thus add extra work) to optimize it for connected devices, but that can also introduce flaws if developers aren't committed to keeping that special code up to date.
Gloss