Researchers say they tricked Alexa into spying on them

Researchers at security firm Checkmarx say they built a proof-of-concept skill for Amazon’s Echo devices that in theory could have voice assistant Alexa listen to, transcribe, and report what users said after they thought they had finished using a legitimate service.
They took advantage of a feature that allows a skill to extend the time it listens to users after it’s been activated if it prompts them for more information by playing an inaudible prompt. That way, their skill, which offered a simple calculator, could keep getting transcripts from Alexa of what users said without them getting any audio cue that the device was still listening. A light would likely have been visible on affected devices, Threatpost reports, but users wouldn’t notice it unless they looked at the device.

About the Author

About the Author

Never miss an update. Subscribe today!

By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx Privacy Policy and to
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.
Skip to content