Security researchers from Checkmarx just confirmed what everyone always suspected: Alexa listens to your every move. While it was obvious that Alexa had to listen in order to react to her name or to “Echo”, the same team of researchers also confirmed a few paranoid theories, as well as a few security fears.
They easily created an Alexa skill that turned the device into a surveillance nightmare, able to listen in on and transcribe any conversation you have around an Amazon device featuring the smart assistant. By using the “Reprompt” feature, they bypassed Alexa’s usual behavior of NOT listening after carrying out a command, so Alexa could listen again whenever the original command was not understood.
“As far as we could tell, there was no limit. As long as you don’t tell it to stop, it wouldn’t,” said Amit Ashbel, a Checkmarx representative.
The security researchers quickly disclosed the vulnerability to Amazon, which, to give credit where credit is due, reacted promptly and eliminated the issues.
“Customer trust is important to us and we take security and privacy seriously. We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do,” reassured Amazon.
Indeed, since April 10, Amazon has released fixes to eliminate that security hole.