Since smart speakers like the Amazon Echo first began to appear in homes across the world, the security community has come to see them as a prime target. But that threat has remained largely hypothetical: No Echo malware has appeared in the wild, and even proof-of-concept attacks on the devices have remained impractical at best.

Now, one group of Chinese hackers has spent months developing a new technique for hijacking Amazon's voice assistant gadget. It's still hardly a full-blown remote takeover of those smart speakers. But it may be the closest thing yet to a practical demonstration of how the devices might be silently hijacked for surveillance.

At the DefCon security conference Sunday, researchers Wu Huiyu and Qian Wenxiang plan to present a technique that chains together a series of bugs in Amazon's second-generation Echo to take over a device and stream audio from its microphone to a remote attacker, while giving the user no clue that the device has been compromised.

Echo owners shouldn't panic: The hackers already alerted Amazon to their findings, and the company pushed out security fixes in July. Even before that patch, the attack required some serious hardware skills, as well as access to the target Echo's Wi-Fi network, a degree of difficulty that makes it unlikely to be used against the average Echo owner. But the effort nonetheless sheds new light on how an Echo eavesdropping technique might work against a high-value target.

"After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping," reads a description of their work provided to WIRED by the hackers, who work on the Blade team of security researchers at Chinese tech giant Tencent. "When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker."

The research also raises the specter of more direct physical access attacks on a victim's Echo.

The researchers' attack, though already patched, demonstrates how hackers can tie together a devious collection of tricks to create an intricate multistep penetration technique that works against even a relatively secure gadget like the Echo. They start by taking apart an Echo of their own, removing its flash chip, writing their own firmware to it, and re-soldering the chip back to the Echo's motherboard. That altered Echo then serves as the tool for attacking other Echoes. Using a series of web vulnerabilities in the Alexa interface on Amazon.com (cross-site scripting, URL redirection, and HTTPS downgrade attacks, all since fixed by Amazon), they say they could link their hacked Echo to a target user's Amazon account.

If they can then get that doctored Echo onto the same Wi-Fi network as a target device, the hackers can take advantage of a software component of Amazon's speakers, known as the Whole Home Audio Daemon, that the devices use to communicate with other Echoes on the same network. That daemon contained a vulnerability that the hackers found they could exploit from their hacked Echo to gain full control over the target speaker, including the ability to make the Echo play any sound they chose or, more worryingly, silently record audio and transmit it to a faraway spy.

The requirement that the victim and attacker be on the same Wi-Fi network is a serious limitation of the attack. It means that, even after all that hardware hacking, an Echo attacker would have had to know a target's Wi-Fi password or otherwise gain network access. But the researchers argue that an Echo spy could potentially brute-force the Wi-Fi password, trick a victim into installing the altered Echo themselves and linking it to their Wi-Fi, or target Echoes in environments where the Wi-Fi password is widely shared, like hotels and schools.

When WIRED reached out to Amazon about the attack, the company responded in a statement that "customers do not need to take any action as their devices have been automatically updated with security fixes." The spokesperson also wrote that "this issue would have required a malicious actor to have physical access to a device and the ability to modify the device hardware."