Amazon fixed an Alexa flaw that allowed devices to eavesdrop
It has come to light that Amazon recently fixed a serious bug in Alxea that allowed devices powered by the voice assistant to secretly listen to users' conversation and even send a transcript of whatever it listens.
Basically, after Alexa processes a command, it's supposed to stop listening until the user says a wakeup or hot word like "Echo" or "Alexa" again.
However, it was discovered that it's possible to make Alexa listen indefinitely by taking advantage of its "Reprompt" feature (for complete details head to the links at the bottom).
Researchers at security firm Checkmarx were the ones to spot the vulnerability, which was reported to Amazon earlier this month, and has since been fixed by the company.
"We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do," the online retail giant said.
Related
Reader comments
- singit
- 28 Apr 2018
- nGy
no surprise. just like swiftkey recording all of your emails and texts and pass words and bank details that you type into your phone... everything you enter. all recorded and uploaded to their server.
- Anonymous
- 28 Apr 2018
- j2K
Beat me to it.
- LostInTheReality
- 27 Apr 2018
- DE1
This is why you shall not keep adding all those newly released IoT devices to your home. I wonder how things would turn out if flaws in a service, like Amazon Key service would be found.