Alexa Skill Developed to Eavesdrop on Conversations, Amazon Fixes Vulnerability

The researchers at cyber-security company Checkmarx hid the malicious application in a simple calculator skill that is meant to solve common mathematics problems. While Alexa is designed to process commands after hearing the “Alexa” wake word and ends the session or wait for another command for a brief moment after processing the first command, the skill in question kept it waiting long after the last communication. The skill also enabled voice recording, without informing users. All this made it possible for the researchers to silently capture conversations from Alexa.

About the Author

About the Author

Never miss an update. Subscribe today!

By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx Privacy Policy and to
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.
Skip to content