Amazon has fixed a bug that allowed hackers to listen in on Alexa devices


One of the most convenient things about Amazon’s Echo smart speaker is that Alexa is always ready to listen to your commands. However, a team from Checkmarx, a security testing firm, wanted to see if that always-on feature could turn the gadget into a hacking device, and it turns out the answer was yes.

Checkmarx was able to create a skill that allowed hackers to listen in on Echo devices and their users’ conversations. Amazon fixed the problem earlier this month, but the incident serves as a cautionary tale as our homes become more connected and voice assistant speakers become more common.

Here’s how Checkmarx did it: Ordinarily, Alexa stops listening after it carries out your command and doesn’t start again until you say the “Alexa” wake word. However, the researchers figured out that hackers could take advantage of Alexa’s “re-prompt” feature. If Alexa doesn’t understand what you say the first time, she lets you know that and keeps listening until you repeat yourself.

Checkmarx’s researchers found it would be possible for hackers to develop an Alexa skill that made the virtual assistant continue to listen despite initially understanding a command. They were also able to mute the follow-up Alexa gives, when she asks users to repeat a prompt, thereby making the speaker stay silent but continue to listen. The next part of the Checkmarx hack involved orchestrating a way for Alexa not only to keep listening without people realizing it, but also to transcribe what she heard. Amazon’s servers store the audio content of people when they are speaking to Alexa.

Usually, developers who make skills get transcriptions of those conversations as long as spoken words are in the context of the skill. In this case, Checkmarx’s team made the skill record any word that was part of Alexa’s built-in dictionary.

Users have plenty of security considerations to worry about when it comes to cloud-stored data. With that in mind, Checkmarx’s researchers wanted to ensure their findings held true in real life. They created a seemingly innocent calculator skill that made Alexa keep listening for over a minute until someone from Checkmarx told it to stop. People in the room talked as the skill kept running. They found that, sure enough, the dialogue got captured in a word-for-word transcript, effectively giving a person the ability to “eavesdrop” by reading the text.

Checkmarx reached out to Amazon to tell the company about the device’s flaw earlier this month, and Amazon fixed the problem on April 10.

Amit Ashbel, Checkmarx’s director of product marketing, said Amazon shortened the amount of time Alexa continues to listen and removed the ability to silence Alexa’s reprompting dialog. Those adjustments make it impossible to re-create the hack. Amazon did not comment on the hack.

If you’re worried about Alexa listening in on you, you can always go into the app and delete your history.

Kayla Matthews
Former Contributor
Kayla Matthews has written about smart homes and technology for Houzz, Dwell, Curbed and Inman. She is a senior writer for…