
Amazon echo update fixes alexa flaw that let hackers ‘eavesdrop'
- Select a language for the TTS:
- UK English Female
- UK English Male
- US English Female
- US English Male
- Australian Female
- Australian Male
- Language selected: (auto detect) - EN
Play all audios:
Amazon Alexa had a coding exploit that could have let malicious developers turn Echo and Echo Dot gadgets into listening devices. Researchers from security experts Checkmarx discovered the
flaw with Alexa that allowed a Skill to continue listening long after activation. Amit Ashbel, director of product marketing for Checkmarx, said: “As far as we could tell, there was no
limit. “As long as you don't tell it to stop, it wouldn't." Checkmarx said they notified Amazon about the Alexa exploit in April and the retail giant has confirmed the issue
has now been resolved. Speaking to Express.co.uk, an Amazon spokesperson said: “Customer trust is important to us and we take security and privacy seriously. “We have put mitigations in
place for detecting this type of skill behavior and reject or suppress those skills when we do.” Checkmarx discovered the exploit after developing an Alexa skill that allowed it to continue
listening indefinitely, CNET reported. They did this by taking advantage of Alexa’s ‘Reprompt’ feature. When Alexa does not hear your command properly, it continues listening and then asks a
user to repeat the prompt. But Checkmarx found a developer who wrote a code that even if Alexa understood the command it would stay listening. Researchers also found that developers could
mute Alexa so you would not be able to hear the voice assistant asking you to repeat the question. This meant Alexa could continue listening without you being aware. Ashbel said the only
sign that Alexa was still listening was the blue ring around the Echo device. He added: "If I gave Alexa a command, I'm not going to look at Alexa to see what's going on with
the device itself.”