Hacker News new | past | comments | ask | show | jobs | submit login

> This is the main problem that I see. Sure, I tested the packets, sniffed them, made sure it wasn't recording, etc, but then they push an update the next day. I don't think it's practical to monitor these devices all the time, and I haven't been asked to opt-in to an Echo update.

This is a problem with forced updates in general (I'm also thinking of Windows, Chrome, Chrome extensions, etc. here) that security experts seem completely blind to.

That said, note that even if the software didn't update, it doesn't mean it would have to send bad packets when you're actually observing. It could randomly start doing that once in a while after a few months.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact