Skip to main content
  1. Home
  2. Smart Home
  3. News

Amazon has fixed a bug that allowed hackers to listen in on Alexa devices

By

One of the most convenient things about Amazon’s Echo smart speaker is that Alexa is always ready to listen to your commands. However, a team from the Checkmarx, a security testing firm, wanted to see if that always-on feature could turn the gadget into a hacking device — and it turns out the answer was yes.

Checkmarx was able to create a skill that allowed hackers to listen in on Echo devices and their users’ conversations. Amazon fixed the problem earlier this month, but the incident serves as a cautionary tale as our homes become more connected and voice assistant speakers become more common.

Recommended Videos

Here’s how Checkmarx did it: Ordinarily, Alexa stops listening after it carries out your command and doesn’t start again until you say the “Alexa” wake word. However, the researchers figured out that hackers could take advantage of Alexa’s “re-prompt” feature. If Alexa doesn’t understand what you say the first time, she lets you know that and keeps listening until you repeat yourself.

Related

Checkmarx’s researchers found it would be possible for hackers to develop an Alexa skill that made the virtual assistant continue to listen despite initially understanding a command. They were also able to mute the follow-up Alexa gives, when she asks users to repeat a prompt, thereby making the speaker stay silent but continue to listen. The next part of the Checkmarx hack involved orchestrating a way for Alexa not only to keep listening without people realizing it, but also to transcribe what she heard. Amazon’s servers store the audio content of people when they are speaking to Alexa.

Usually, developers who make skills get transcriptions of those conversations as long as spoken words are in the context of the skill. In this case, Checkmarx’s team made the skill record any word that was part of Alexa’s built-in dictionary.

Users have plenty of security considerations to worry about when it comes to cloud stored-data. With that in mind, Checkmarx’s researchers wanted to ensure their findings held true in real life. They created a seemingly innocent calculator skill that made Alexa keep listening for over a minute until someone from Checkmarx told it to stop. People in the room talked as the skill kept running. They found that, sure enough, the dialogue got captured in a word-for-word transcript, effectively giving a person the ability to “eavesdrop” by reading the text.

Checkmarx reached out to Amazon to tell the company about the device’s flaw earlier this month, and Amazon fixed the problem on April 10.

Amit Ashbel, Checkmarx’s director of product marketing, said Amazon shortened the amount of time Alexa continues to listen and removed the ability to silence Alexa’s reprompting dialog. Those adjustments make it impossible to re-create the hack. Amazon did not comment on the hack.

If you’re worried about Alexa listening in on you, you can always go into the app and delete your history.

Editors’ Recommendations

Topics
Kayla Matthews
Kayla Matthews
Contributor
Kayla Matthews has written about smart homes and technology for Houzz, Dwell, Curbed and Inman. She is a senior writer for…
Amazon brings Matter support to 17 Echo devices
Echo Show 15 with base.

Amazon has officially rolled out Matter support to a wide variety of devices, including 17 Echo products, as well as smart plugs, light bulbs, and switches. The company says that this is only “phase one” of the rollout, with Matter heading to even more smart home gadgets in 2023.

According to Amazon, this phased rollout will allow the team to bring Matter support to the most popular devices on the market while ensuring the platform remains stable. The list of products included in phase one is quite extensive and encapsulates some of the most popular products on the market. Echo devices were the primary target of the rollout. Here’s a look at every Echo device that now supports Matter:

Read more
The best Amazon Echo tips and tricks
Echo 4th Gen on table.

Amazon Echo devices are some of the most popular smart home hubs on the market. These feature-rich, Alexa-powered smart speakers can do it all -- from playing music and dimming your lights to controlling your home security system and checking your calendar, Alexa makes it easy to automate your daily tasks.

While most Echo users know the basics, there are a lot of incredible features that are hidden below the surface. That’s why we’ve put together this guide. Read on to uncover some impressive features across the Echo lineup and make full use of its versatility.
Change Alexa's name or create a nickname for her to call you
Once you've got your Alexa device up and running on your Wi-Fi network, there are still a few more things you might want to do before diving in, so be sure to head over to echo.amazon.com or download the accompanying smartphone app.

Read more
Alexa has seen me naked, and that’s okay
John Cleese, naked except for a photo held in front of his crotch, in A Fish Called Wanda.

Alexa has seen things.

Alexa has seen everything.

Read more