Amazon echo update fixes alexa flaw that let hackers ‘eavesdrop'

Amazon echo update fixes alexa flaw that let hackers ‘eavesdrop'


Play all audios:

Loading...

Amazon Alexa had a coding exploit that could have let malicious developers turn Echo and Echo Dot gadgets into listening devices. Researchers from security experts Checkmarx discovered the


flaw with Alexa that allowed a Skill to continue listening long after activation. Amit Ashbel, director of product marketing for Checkmarx, said: “As far as we could tell, there was no


limit. “As long as you don't tell it to stop, it wouldn't." Checkmarx said they notified Amazon about the Alexa exploit in April and the retail giant has confirmed the issue


has now been resolved. Speaking to Express.co.uk, an Amazon spokesperson said: “Customer trust is important to us and we take security and privacy seriously. “We have put mitigations in


place for detecting this type of skill behavior and reject or suppress those skills when we do.” Checkmarx discovered the exploit after developing an Alexa skill that allowed it to continue


listening indefinitely, CNET reported. They did this by taking advantage of Alexa’s ‘Reprompt’ feature. When Alexa does not hear your command properly, it continues listening and then asks a


user to repeat the prompt. But Checkmarx found a developer who wrote a code that even if Alexa understood the command it would stay listening. Researchers also found that developers could


mute Alexa so you would not be able to hear the voice assistant asking you to repeat the question. This meant Alexa could continue listening without you being aware. Ashbel said the only


sign that Alexa was still listening was the blue ring around the Echo device. He added: "If I gave Alexa a command, I'm not going to look at Alexa to see what's going on with


the device itself.”