Amazon's Alexa Hacked To Surreptitiously Record Everything It Hears!


(Howard) #1

Checkmark, a company who sells a suite of vulnerability checking tools to developers found a way to get Alexa to record conversations! Fortunately, these were good guys and notified Amazon of the vulnerability and shared the script and procedure so they could patch it.

Now Amazon’s app-certification process has been expanded to detect and reject eavesdropping apps but here’s an existential thought for you. What if you convinced Alexa to play subliminal messages interjected by an unethical advertiser, or worse, a crook? [Research on subliminal messaging indicates that it does work] but like hypnosis, most subjects will not do something they would not ordinarily do. I’ve used subliminal MP3 to increase motivation, creativity or skills I want to amplify. Athletes use self-talk to improve their skills. I guess we can expect that these kinds of exploits to continue in a cat and mouse game but hopefully patched in time. I would expect that Smart TV’s, Smartphones and anything with a mike that can be induced to run a rogue script is fair game. Here’s how Checkmarx achieved their hack.

“Voice-activated assistants like Amazon’s Alexa and the Google Assistant are convenient and powerful tools for getting information and carrying out tasks. They also raise privacy questions because they record their interactions with the user and are always-on waiting to hear their wake-up command. What the voice-activated assistants hear and record is limited in normal use, but the potential for abuse is a cause for concern. That potential has now been realized. Alexa has been hacked to surreptitiously record everything it can hear.”