Pièce #7

Ivan Gavriloff, 24 August 2022, https://ivangavriloff.com/index.php/2022/08/24/piece-7/

Amazon Echo: a potential vector for spying on the digital home

– Itespresso.fr – 2017 –

The British cybersecurity consultancy MWR Labs does not go that far, but states that the digital assistant can be hijacked by third parties, among other things to intercept all the voice data picked up by the microphone.

The hack is made possible by an 18-pin connector on the underside of the device.

MWR Labs built on groundwork laid by researchers who had used this connector to boot a Linux OS from an SD card (a dedicated wiki was set up, along with a white paper).

Using the UART pins (RX for input, TX for output), the firm was able to follow the Echo's boot sequence.

It takes place in three phases. Code located in a hidden ROM runs first to set up a basic hardware configuration. It then loads a first bootloader (X-loader) into the processor's cache (a Texas Instruments DM3725, based on an ARM Cortex-A8 core), followed by a second one (U-Boot), placed in RAM, which loads the kernel.

The Echo is configured so that, at boot, the external SD card takes priority over internal storage. This cannot be changed without modifying the motherboard directly.

For the SD card to be recognized, six pins must be connected.

The right partition

The version of U-Boot used by MWR Labs allows the boot process to be interrupted and the command-line interface to be opened. From there, the device's internal memory can be accessed.

It contains eight partitions, including "main-A" and "main-B", which alternately hold the file system and the kernel as firmware updates are applied.

Once the right partition has been found with three command lines, U-Boot can be configured to boot from that volume, while the kernel parameters are modified for a read-write mount.

On reboot, a root terminal is obtained on the UART interface, with no need to authenticate.

MWR Labs then mounts the /var partition and installs a reverse shell there, allowing it to establish a remote connection on port 1337.

Once the link was up, the researchers were able to examine the various processes running on the Echo and understand how the audio data was created and used. They then developed a script that intercepts all this data and transmits it over TCP/IP, all without any noticeable impact on the assistant's operation.

The vulnerability is no longer present on Echos sold in 2017, as Amazon has prevented booting from an external SD card by connecting two pins (+3V and MOSI/CMD). MWR Labs acknowledges that physical access to the device is required to carry out the hack, but notes that some Echos are particularly exposed, such as those installed in hotel rooms. It should be noted, however, that the product has a switch to cut off the microphone.