Two stories have come out about hacking the Echo. The first is about physically hacking the Echo to listen in. The second is about potential software to ultrasonically access Alexa or Siri. There’s a bit of an alarmist tone but I’m not sure these are the types of hacks we need to be concerned about.
Physically hacking the Echo is a bit of an overkill for planting a listening device. Planting such a device in a sofa, behind a light, or somewhere else concealed is probably quicker. Also, this hack will become more difficult as future versions of the Echo patch up hardware exposure.
For the ultrasonic hack, DolphinAttack, the risk is only what you can do through the Echo today. Ordering $10,000 in groceries can easily be undone. Perhaps unlocking the front door or other mischief could be annoying or troublesome. However, this is probably a short lived hack as limiting the frequency for accepting commands would shut off this problem. This reminds me of the blue box hack and phreaking.
The bigger threat is much more insidious… actually being able to remotely hack into the device and access a live audio stream. So far, this hasn’t been demonstrated but we can imagine a time when something like a widespread hack of large volumes of recorded personal audio get dumped publicly.