Amazon has fixed a bug that allowed hackers to listen in on Alexa devices


One of the most convenient things about Amazon’s Echo smart speaker is that Alexa is always ready to listen to your commands. However, a team from Checkmarx, a security testing firm, wanted to see if that always-on feature could turn the gadget into a hacking device, and it turns out the answer was yes.

Checkmarx was able to create a skill that allowed hackers to listen in on Echo devices and their users’ conversations. Amazon fixed the problem earlier this month, but the incident serves as a cautionary tale as our homes become more connected and voice assistant speakers become more common.

Here’s how Checkmarx did it: Ordinarily, Alexa stops listening after it carries out your command and doesn’t start again until you say the “Alexa” wake word. However, the researchers figured out that hackers could take advantage of Alexa’s “re-prompt” feature. If Alexa doesn’t understand what you say the first time, she lets you know that and keeps listening until you repeat yourself.

Checkmarx’s researchers found it would be possible for hackers to develop an Alexa skill that made the virtual assistant continue to listen despite initially understanding a command. They were also able to mute the follow-up Alexa gives, when she asks users to repeat a prompt, thereby making the speaker stay silent but continue to listen. The next part of the Checkmarx hack involved orchestrating a way for Alexa not only to keep listening without people realizing it, but also to transcribe what she heard. Amazon’s servers store the audio content of people when they are speaking to Alexa.

Usually, developers who make skills get transcriptions of those conversations as long as spoken words are in the context of the skill. In this case, Checkmarx’s team made the skill record any word that was part of Alexa’s built-in dictionary.
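The keep-listening and muted re-prompt behavior described above can be checked for when reviewing a skill's responses. The following is an added example, not code from Checkmarx, Amazon, or the original article; it assumes the `shouldEndSession`, `reprompt`, and `outputSpeech` fields of the Alexa Skills Kit JSON response format, and the function names and sample responses are constructed for illustration.

```python
import re

_TAG = re.compile(r"<[^>]+>")

def spoken_text(speech):
    """Words a listener would hear in an outputSpeech object (PlainText or SSML)."""
    if not speech:
        return ""
    raw = speech.get("ssml") if speech.get("type") == "SSML" else speech.get("text")
    # Strip SSML tags; whatever remains is spoken. Markup that holds only
    # <audio> or <break> counts as no speech here and is left to manual review.
    return _TAG.sub(" ", raw or "").strip()

def audit_response(envelope):
    """Return findings for one skill response (field names assumed from the ASK JSON format)."""
    resp = envelope.get("response", {})
    if resp.get("shouldEndSession") is not False:
        return []  # session ends, so the microphone is not reopened
    findings = []
    if not spoken_text(resp.get("outputSpeech")):
        findings.append("session-open-silent-response")
    if not spoken_text((resp.get("reprompt") or {}).get("outputSpeech")):
        findings.append("session-open-silent-reprompt")
    return findings

# Constructed sample responses from a hypothetical calculator skill.
ANSWER_AND_CLOSE = {"response": {
    "outputSpeech": {"type": "PlainText", "text": "Five plus three is eight."},
    "shouldEndSession": True}}
FOLLOW_UP = {"response": {
    "outputSpeech": {"type": "PlainText", "text": "Eight. Anything else to add?"},
    "reprompt": {"outputSpeech": {"type": "PlainText", "text": "What should I add?"}},
    "shouldEndSession": False}}
SILENT_LISTEN = {"response": {
    "outputSpeech": {"type": "PlainText", "text": "Five plus three is eight."},
    "reprompt": {"outputSpeech": {"type": "SSML", "ssml": "<speak> </speak>"}},
    "shouldEndSession": False}}

if __name__ == "__main__":
    for name, env in [("answer_and_close", ANSWER_AND_CLOSE),
                      ("follow_up", FOLLOW_UP),
                      ("silent_listen", SILENT_LISTEN)]:
        print(name, audit_response(env))
```
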

Users have plenty of security considerations to worry about when it comes to cloud-stored data. With that in mind, Checkmarx’s researchers wanted to ensure their findings held true in real life. They created a seemingly innocent calculator skill that made Alexa keep listening for over a minute until someone from Checkmarx told it to stop. People in the room talked as the skill kept running. They found that, sure enough, the dialogue got captured in a word-for-word transcript, effectively giving a person the ability to “eavesdrop” by reading the text.

Checkmarx reached out to Amazon to tell the company about the device’s flaw earlier this month, and Amazon fixed the problem on April 10.

Amit Ashbel, Checkmarx’s director of product marketing, said Amazon shortened the amount of time Alexa continues to listen and removed the ability to silence Alexa’s reprompting dialog. Those adjustments make it impossible to re-create the hack. Amazon did not comment on the hack.

If you’re worried about Alexa listening in on you, you can always go into the app and delete your history.

Kayla Matthews
Former Contributor
Kayla Matthews has written about smart homes and technology for Houzz, Dwell, Curbed and Inman. She is a senior writer for…