Amazon fixed an Alexa flaw that allowed devices to eavesdrop

It has come to light that Amazon recently fixed a serious bug in Alexa that allowed devices powered by the voice assistant to secretly listen to users’ conversations and even send a transcript of whatever they heard.

Basically, after Alexa processes a command, it’s supposed to stop listening until the user says a wakeup or hot word like “Echo” or “Alexa” again.

However, it was discovered that it’s possible to make Alexa listen indefinitely by taking advantage of its “Reprompt” feature (for complete details head to the links at the bottom).

Researchers at security firm Checkmarx were the ones to spot the vulnerability, which was reported to Amazon earlier this month, and has since been fixed by the company.

“We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do,” the online retail giant said.

Source | Via