Some Android devices can only record 8kHz audio and then upsample without telling you (where iOS hardware native is 44.1kHz). Some also apply filters you wouldn't expect at the input stage. There's also automatic gain control (AGC) which varies dramatically across manufacturers and phones. Similarly for output: filtering, sample rates, speaker quality, etc. Then taking into account the immense matrix of testing, the problem becomes non-trivial very quickly on Android in ways that are not an issue on iOS. Their choice of ASK complicates things further as amplitude modulation is more prone to transmission error afaik.
As someone who's spent way, way too long playing back and recording audio on mobile devices as a mechanism of communications, let me assure you, it's hugely harder on Android than it is on iOS. I would have made the same decision if I were them.
Surprised they didn't use BLE, honestly...
[edit] Very cool approach though!
Another solution is Electric Imp's BlinkUp, which encodes the WiFi information in flashing light from the screen. Patented.
How do they know for sure? Perhaps they also connect every month for a (status) update or for statistics, but this hacker just missed that.
I wouldn't use these buttons to launch any missiles :)
Actually, here's a guide: https://learn.adafruit.com/dash-hacking-bare-metal-stm32-pro...
I'm going to have a run at reproducing this in Python. Should be fun!
I think it's going to be interesting when the Amazon Dash buttons end up playing a role in the next big DDoS...
People complaining about things they didn't take five seconds to understand is how FUD gets spread. Please don't contribute to this nonsense.
Given the use of passive bugs, it's pretty obvious that zero onboard storage is required for a listening device to be useful to those with resources to collect the information in real time. It's healthy to understand the inherent trade-offs you're making by installing such a device, and make sure you can monitor its usage appropriately if you choose to keep one in a place you presume is reasonably private.
[1] https://en.m.wikipedia.org/wiki/The_Thing_(listening_device)
And yes, saying "Dash buttons are secret government wiretaps!" is FUD, no matter how subtly you say it. There's literally a simple way to test: sniff the wire. And people have done that (https://medium.com/@edwardbenson/how-i-hacked-amazon-s-5-wif...). Spoilers: exactly what you'd expect. I'd also like to see how long you think a WiFi device powered by a single AAA battery would last while streaming voice to the Internet.
Conclusion: FUD.
