Amazon Echo (Alexa) devices on their own VLAN

lexridge
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1065
Location: WV, USA

Posted: Fri Mar 29, 2024 16:02    Post subject: Amazon Echo (Alexa) devices on their own VLAN
So I read an article a few weeks ago that mentioned that Amazon Echo and Google Home devices are indeed spying on the general public. I want to be able to prove or disprove this on my own. So I set up an exclusive VLAN WAP just for my eight Echo devices (I don't have any Google Home devices). I left out my two FireTV sticks as I believe their microphones are only built into the remotes.

I figured this would make them MUCH easier to monitor with networking tools such as WireShark or even tcpdump without the need for complex filtering. Any better ideas here would be appreciated.

I am not using any interconnect features, such as multi-room audio sync. Yet, all these devices do reach out and communicate with each other. Wondering why?

I have not found any evidence of them recording our conversations yet, as I only got this set up yesterday, but I will add a full-time logging system of some sort over the weekend.

Has anyone else attempted anything like this and if so, what were your results?

_________________
Linksys EA8500 (Internet Gateway, AP/VAP) - DD-WRT r53562
Features in use: WDS-AP, Multiple VLANs, Samba, WireGuard, Entware: mqtt, mlocate
Wireless 5ghz only

Netgear R7800 (WDS-AP, WAP, VAP) - DD-WRT r55779
Features in use: multiple VLANs over single trunk port

Linksys EA8500 WDS Station x2 - DD-WRT r55799

Netgear R6400v2 WAP, VAP 2.4ghz only w/VLANs over single trunk port. DD-WRT r55779

OSes: Fedora 38, 9 RPis (2,3,4,5), 20 ESP8266s: Straight from Amiga to Linux in '94, never having owned a Windows PC.

Forum member #248
lexridge
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1065
Location: WV, USA

Posted: Fri Mar 29, 2024 16:23
Here is a tcpdump capture of my Echo devices, for one minute. All microphones are muted at this point. They still generate a ton of traffic.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..

Posted: Fri Mar 29, 2024 18:24
At one of my locations I do have spammers... Amazon Alexa, Sonos and tons of other crap...
It's all on a VLAN and their own router... I can see hits on the WAN side from the router afterwards, but that is normal as they are all on the same switch... As far as recording and monitoring... hmm, this is a cat-and-dog game... the fewer devices and mics around, the better...

My iPhone, on a number of occasions: I can see the camera sensor flashing green when I don't even have a camera-related app running... and I know Apple were blamed for taking pictures of phone users illegally...

mDNS is their thing too; those smart devices are loving it... So, if not using it, turn it off... take it with a pinch of salt, the router is still fine...

In the past, out of curiosity, I did lots of tcpdump on the router side and Wireshark on a tap... it gets crazy...

tcpdump -nnS -i br0 !'port 22'
tcpdump -nnvS -i eth0 !'port 22'

or any interface that is of concern, and it gets mad...

Back in the day there was one odd smart TV that would congest the network with a UDP flood...
and in general all smart and IoT devices are prone to DNS and TCP/UDP floods...

For the record, there is a way to encrypt all your data on the Alexa side, so nobody can see it, even Amazon... well, at least that was the claim.

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
lexridge
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1065
Location: WV, USA

Posted: Fri Mar 29, 2024 21:52
Chasing these things around in a tcpdump is akin to keeping an eye on one fish within a school! I am slowly coming up with better filtering however.

I have decided to connect only one or two devices to the VLAN at a time to keep down the noise... (and generate smaller logs), and these things are really LOUD (referencing their traffic, of course)! I have five different Echo models: 1 first gen Echo, 2 first gen Dots, 1 second gen Show 5, 3 third gen Dots and 1 Echo Flex.

Whenever I speak to them, they reach out to 52.46.156.62:443, so this may be the address to filter for any shenanigans. However, odds are they are using a load balancer, so it could easily change. This is probably going to be different in other countries too, I would suspect. This ended up being much more work than I had anticipated.

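An added example (not code from the thread) of the kind of post-processing that tames the "school of fish" problem described above: it parses `tcpdump -nn` output lines, aggregates packets and bytes per Echo device and destination, and reports destinations that show up only while speaking to a device and not while the mics are muted. It assumes the Echo VLAN is 192.168.50.0/24; the sample lines are constructed, with the 52.46.156.62:443 endpoint taken from the post above.

```python
import re
from collections import defaultdict

# One `tcpdump -nn` line (IPv4 only): timestamp, src.port > dst.port, trailing "length N".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): .*\blength (?P<len>\d+)"
)

ECHO_VLAN = "192.168.50."  # assumed VLAN prefix for the Echo devices

# Constructed sample capture, mics muted: peer chatter, mDNS, one cloud keepalive, an ARP line.
MUTED = [
    "16:02:01.000100 IP 192.168.50.11.49152 > 192.168.50.12.55443: Flags [P.], seq 1:61, ack 1, win 501, length 60",
    "16:02:01.000900 IP 192.168.50.11.5353 > 224.0.0.251.5353: UDP, length 120",
    "16:02:02.200000 IP 192.168.50.11.40001 > 203.0.113.10.443: Flags [P.], seq 1:201, ack 1, win 501, length 200",
    "16:02:02.500000 ARP, Request who-has 192.168.50.1 tell 192.168.50.11, length 28",
]
# Constructed sample capture taken while speaking to the same Echo.
SPOKEN = [
    "16:03:10.000000 IP 192.168.50.11.40002 > 52.46.156.62.443: Flags [P.], seq 1:1401, ack 1, win 501, length 1400",
    "16:03:10.100000 IP 192.168.50.11.40002 > 52.46.156.62.443: Flags [P.], seq 1401:2801, ack 1, win 501, length 1400",
    "16:03:11.000000 IP 192.168.50.11.40001 > 203.0.113.10.443: Flags [P.], seq 201:301, ack 1, win 501, length 100",
]

def parse_line(line):
    """Return the fields of an IPv4 tcpdump line, or None for ARP/IPv6/other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "length": int(m["len"])}

def outbound_flows(lines, vlan_prefix=ECHO_VLAN):
    """Aggregate packets and bytes per (echo, destination, port) for traffic sourced on the VLAN.
    Echo-to-Echo and multicast flows are kept so the peer chatter is visible too."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in lines:
        p = parse_line(line)
        if p is None or not p["src"].startswith(vlan_prefix):
            continue
        f = flows[(p["src"], p["dst"], p["dport"])]
        f["packets"] += 1
        f["bytes"] += p["length"]
    return dict(flows)

def new_destinations(baseline, window):
    """(ip, port) pairs contacted in `window` that never appeared in `baseline`."""
    seen = {(dst, port) for (_, dst, port) in baseline}
    return sorted({(dst, port) for (_, dst, port) in window} - seen)
```

Feeding a muted-period capture as the baseline and a speaking-period capture as the window isolates the endpoints that only the voice path uses, which is the set worth filtering for in the long-running capture.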
lexridge
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1065
Location: WV, USA

Posted: Sat Apr 06, 2024 4:53
Monitored all Echo devices for several days now and have yet to get one byte of evidence they are recording in secret. This does not of course mean they cannot be remotely told to record on demand, which I'm sure they can, but there is no data either way to (dis)prove that.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6437
Location: UK, London, just across the river..

Posted: Sat Apr 06, 2024 6:41
There are many articles here and there that claim those can be remotely hijacked... and used for monitoring... or other malicious purposes... same for phones and their cameras and mics...
So, it's not impossible, but rather a matter of time...
