Amazon has fixed a bug that allowed hackers to listen in on Alexa devices

amazon alexa laugh echo night creepy feature

One of the most convenient things about Amazon’s Echo smart speaker is that Alexa is always ready to listen to your commands. However, a team from the Checkmarx, a security testing firm, wanted to see if that always-on feature could turn the gadget into a hacking device — and it turns out the answer was yes.

Checkmarx was able to create a skill that allowed hackers to listen in on Echo devices and their users’ conversations. Amazon fixed the problem earlier this month, but the incident serves as a cautionary tale as our homes become more connected and voice assistant speakers become more common.

Here’s how Checkmarx did it: Ordinarily, Alexa stops listening after it carries out your command and doesn’t start again until you say the “Alexa” wake word. However, the researchers figured out that hackers could take advantage of Alexa’s “re-prompt” feature. If Alexa doesn’t understand what you say the first time, she lets you know that and keeps listening until you repeat yourself.

Checkmarx’s researchers found it would be possible for hackers to develop an Alexa skill that made the virtual assistant continue to listen despite initially understanding a command. They were also able to mute the follow-up Alexa gives, when she asks users to repeat a prompt, thereby making the speaker stay silent but continue to listen. The next part of the Checkmarx hack involved orchestrating a way for Alexa not only to keep listening without people realizing it, but also to transcribe what she heard. Amazon’s servers store the audio content of people when they are speaking to Alexa.

Usually, developers who make skills get transcriptions of those conversations as long as spoken words are in the context of the skill. In this case, Checkmarx’s team made the skill record any word that was part of Alexa’s built-in dictionary.

Users have plenty of security considerations to worry about when it comes to cloud stored-data. With that in mind, Checkmarx’s researchers wanted to ensure their findings held true in real life. They created a seemingly innocent calculator skill that made Alexa keep listening for over a minute until someone from Checkmarx told it to stop. People in the room talked as the skill kept running. They found that, sure enough, the dialogue got captured in a word-for-word transcript, effectively giving a person the ability to “eavesdrop” by reading the text.

Checkmarx reached out to Amazon to tell the company about the device’s flaw earlier this month, and Amazon fixed the problem on April 10.

Amit Ashbel, Checkmarx’s director of product marketing, said Amazon shortened the amount of time Alexa continues to listen and removed the ability to silence Alexa’s reprompting dialog. Those adjustments make it impossible to re-create the hack. Amazon did not comment on the hack.

If you’re worried about Alexa listening in on you, you can always go into the app and delete your history.

Product Review

Kwikset Kevo Contemporary review

Tired of carrying around keys? Make keyless entry so easy that all you have to do is have your phone nearby to open the door. It’s a little pricey, but sleek lines and simple features make the Kwikset Kevo Contemporary a great choice for…
Deals

Amazon knocks $50 off the Sonos Beam soundbar and smart speaker

If you're looking to add some oomph to your home audio setup, then through February 3, the Alexa-enabled Sonos Beam is on sale for $50 off, bringing this excellent sound bar down to just $349 on Amazon.
Smart Home

Amazon patents a technology to help Alexa fight fake voice attacks

Amazon filed a patent this month for a new technology that looks like it would help its digital assistant Alexa fight fake voice attacks that could potentially fool Alexa's biometric security protocols.
Smart Home

This just in: Alexa can now deliver the news like a professional newscaster

The Amazon Alexa team has given Alexa a newscaster voice that improves the way she delivers the news and reads Wikipedia articles, making the smart assistant easier to understand.
Home Theater

Polk Audio’s Command Bar joins Alexa’s multiroom music party

Polk's Command Bar is a home theater soundbar with Alexa built in. But with a new update, it can also be grouped with Amazon's Echo products and other third-party speakers for a multi-room experience.
Smart Home

GHSP makes a (back)splash with its touchscreen concept kitchen

One of the coolest concept kitchens from CES 2019 came from GHSP. It created a backsplash entirely made of touchscreens. That means the control panel for your kitchen is accessible no matter where you are.
Health & Fitness

In search of the fountain of youth, beauty companies turn to tech

Beauty tech is a fairly new concept, but at CES 2019, companies such as Olay, L’Oreal, and Neutrogena were fully embracing it with all kinds of gadgets that promise to give you glowing skin.
Smart Home

Airbnb says sorry to guest for how it dealt with undisclosed security camera

An Airbnb guest recently found a surveillance camera in his rental apartment that hadn't been properly disclosed in the listing. The firm admits its initial response to the guest's complaint was poor, but has since made amends.
Smart Home

Thinking of buying an Instant Pot? Here's what you need to know

The Instant Pot is a powerful kitchen appliance that does everything from pressure cook to to slow cook to steam. Heck, you can even make yogurt in it. Here's all you need to know about the magic device.
Smart Home

Want a smarter home? Ditch the keys with these great smart locks

A good smart lock should offer a combination of security and convenience. Fortunately, these devices keep your home protected, your family safe, and your belongings secure from possible intruders.
Smart Home

The best sous vide machines cook your food perfectly, every single time

Want to make four-star meals from the comforts of your own kitchen? Here are the best sous vide machines available right now, whether you prefer simple immersion circulators or something more complex.
Smart Home

Busted: Facebook Portal gets 5-star reviews from company employees

It's fair to say that Facebook's Portal smart display received a tepid response at launch, so it was something of a surprise to see lots of glowing reviews of the device on Amazon. Turns out some were written by Facebook workers.
Smart Home

Idaho mother says her child’s light-up sippy cup exploded

After a mother filled a Nuby insulated light-up cup with milk, the cup allegedly exploded. The incident caused burns to the mother's hand and face and a stinging sensation in her lungs that required a trip to the hospital.
Smart Home

Project Alias is a ‘smart parasite’ that stops smart speakers from listening

Two designers chose to do something about nosy smart speakers. The result is Project Alias, a "smart parasite" that whispers nonsense to Google Home and Alexa until it hears a specific wake word.