Voice-activated assistants like Amazon’s Alexa and the Google Assistant are convenient and powerful tools for getting information and carrying out tasks. They also raise privacy questions because they record their interactions with the user and are always-on waiting to hear their wake-up command. What the voice-activated assistants hear and record is limited in normal use, but the potential for abuse is a cause for concern. That potential has now been realized. Alexa has been hacked to surreptitiously record everything it can hear.
Checkmarx makes a suite of tools for developers to test the security of their software before it’s released to the public. Last January, the company exposed vulnerabilities leading to privacy breaches in the Tinder dating app. Now the researchers at Checkmarx have demonstrated how Alexa can be hacked to record what it hears.