Tuesday , 14 August 2018
Home >> H >> Hardware >> Amazon Alexa successfully turned into an eavesdropping device

Amazon Alexa successfully turned into an eavesdropping device

AMAZON HAS issued a fix for a bug that was allowing hackers to use Alexa as a listening device.

Security firm Checkmarx successfully exploited a vulnerability that let Alexa listen in from the moment its “Alexa” wake-word was detected.

A similar problem with Google Home Mini led to Google completely disabling one of the buttons on their device.

The next stage was to create a skill for Alexa (in this case a simple calculator) which would record everything being said without arousing suspicion, before sending the results to the hackers.

The only alarm bell to ring from that is the fact that Alexa has a calculator built in – no skill required.

Eavesdropping meant finding a way to avoid any sound and light cues to the user that Alexa was recording, and a way of keeping the connection open for a longer period after it heard “Alexa”. But that was a done – a little too easily.

This is far from the first security concern that Alexa has yielded – the issues magnified by the concerns about the concept of machines that are “always listening”. In reality. Alexa only records around a quarter of a second at a time, overriding it if it doesn’t hear its wake-word.

Amazon was informed of the issue and as of April 10th has ensured that Alexa’s keep-alive for listening cannot be lengthened, it takes action to avoid silent retriggering, and recording cannot now be made to bypass any visual or audio cue from the unit. Amazon has, however, made no official comment.

You can read the full paper here (requires an email address). And if you’re still worried – you can delete anything that Alexa has heard (officially) in the app. If you got caught by something unofficial though, it’s too late, but there’s no evidence that this exploit has ever been used in the wild. µ  

<!–

–>

  • <!–

  • Save this article

  • –>

close
==[ Click Here 1X ] [ Close ]==