Voice-enabled personal assistants offer a lot of convenient features, but allowing hackers to spy on you shouldn't be one of them.
Digital Trends reports:
One of the most convenient things about Amazon’s Echo smart speaker is that Alexa is always ready to listen to your commands. However, a team from the Checkmarx, a security testing firm, wanted to see if that always-on feature could turn the gadget into a hacking device—and it turns out the answer was yes.
Checkmarx was able to create a skill that allowed hackers to listen in on Echo devices and their users’ conversations. Amazon fixed the problem earlier this month, but the incident serves as a cautionary tale as our homes become more connected and voice assistant speakers become more common.
Here’s how Checkmarx did it: Ordinarily, Alexa stops listening after it carries out your command and doesn’t start again until you say the “Alexa” wake word. However, the researchers figured out that hackers could take advantage of Alexa’s “re-prompt” feature. If Alexa doesn’t understand what you say the first time, she lets you know that and keeps listening until you repeat yourself.
