Amazon fixed an Alexa flaw that allowed devices to eavesdrop

Himanshu, 26 April 2018

It has come to light that Amazon recently fixed a serious bug in Alxea that allowed devices powered by the voice assistant to secretly listen to users' conversation and even send a transcript of whatever it listens.

Basically, after Alexa processes a command, it's supposed to stop listening until the user says a wakeup or hot word like "Echo" or "Alexa" again.

However, it was discovered that it's possible to make Alexa listen indefinitely by taking advantage of its "Reprompt" feature (for complete details head to the links at the bottom).

Researchers at security firm Checkmarx were the ones to spot the vulnerability, which was reported to Amazon earlier this month, and has since been fixed by the company.

"We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do," the online retail giant said.

Source | Via


Related

Reader comments

  • singit

no surprise. just like swiftkey recording all of your emails and texts and pass words and bank details that you type into your phone... everything you enter. all recorded and uploaded to their server.

  • Anonymous

Beat me to it.

This is why you shall not keep adding all those newly released IoT devices to your home. I wonder how things would turn out if flaws in a service, like Amazon Key service would be found.

Popular articles

More

Popular devices