Ateam of security researchers at Checkmarx have created a “skill” that can turn Amazon’s virtual assistant Alexa into an eavesdropping device. It abuses the built-in request capabilities of the device to record your conversation indefinitely and send the transcripts to any third party website or Amazon.
Alexa has been designed to detect sound at all times to catch any voice command given by the user. It is supposed to exchange data with Amazon servers to process commands only after hearing the wake word which is most commonly ‘Alexa.’