Instead of re-flashing an echo, why not pre-hack an echo and plug it in?
Anyway, the vuln has been fixed.
Amazon's eating its own dog food when it comes to managing the Alexa ecosystem, so if you want a place to start take a look at amazon's IoT infrastructure; it's pretty tight. You'll have more success ripping the client cert off of an echo and using it to abuse the system, at least until the cert is revoked. The big weakness right now is that there's no way to prevent someone from -attempting- to connect - a revoked cert will still eat resources at some level.
Biting the hand that feeds IT
