Alexa Skill Developed to Eavesdrop on Conversations, Amazon Fixes Vulnerability

The researchers at cyber-security company Checkmarx hid the malicious application in a simple calculator skill that is meant to solve common mathematics problems. While Alexa is designed to process commands after hearing the “Alexa” wake word and ends the session or wait for another command for a brief moment after processing the first command, the skill in question kept it waiting long after the last communication. The skill also enabled voice recording, without informing users. All this made it possible for the researchers to silently capture conversations from Alexa.
Skip to content