How about it if there is a listening device in your home that records all the conversations you make? Yes, Amazon’s Echo, Alexa had a vulnerability that enabled cyber-security experts to get this done. And all unknowing to the user making the conversation!
The working of Alexa goes like this; Alexa is trained to execute the user commands after the utterance of a code word, ‘Alexa’. On execution of the command, there are two options, the session with Alexa ends or it is kept open for a very short period for allowing the user to give another command if he wishes to. Here, lies the vulnerability! Professionals from a cyber-security firm, Checkmarx found a way of incorporating a skill into Alexa through the calculator app that would unknowing to the user record all his conversations. When a second session is opened through the calculator app mode, no voice prompt is provided by Alexa about the activeness of the session opened for the second time. The device goes on recording conversations and this information is available to the creators of the skill.
The major giveaway which indicates the continuance of Alexa’s working is the glimmer of blue light on the device. However, this is often ignored or overlooked by the user. This vulnerability which came to the notice of the cyber-security firm was indicated to Amazon who undertook immediate steps to rectify it. Henceforth, abnormally long sessions which involve the continuance of live recording microphone will be automatically shut down by the device.
The e-commerce giant indicated that it valued customer trust above anything else but the security concerns associated with the voice assisting device will continue to remain. With Amazon sharing a major portion of the transcribed data from Alexa with the law enforcement agencies, it is better not to take the presence of an Amazon Echo in your home too lightly!
A device that can listen to all of your conversations is definitely a very chilling thought!