Researchers Find Alexa Security Flaw to Spy on Users

Security researchers at the firm Checkmarx said they found a way to create an Alexa skill that would continue listening to users long after they prompted the software, according to Threatpost. The rogue skill could then send a recording and transcript of any audio to its creators. Amazon said it has fixed the flaw, which researchers reported to the company before going public with their findings. It’s worth noting that Checkmarx didn’t try to push its skill through Amazon’s certification system to make it available to the public, so we can’t be sure as to whether Amazon has controls in place to avoid skills like this from slipping through. For those interested in learning exactly how the researchers were able to manipulate Alexa, it’s worth reading the whole story.
Skip to content