Amazon Echo speakers listen out for the word “Alexa”, the name of its voice assistant, before completing a command, like “Alexa, read tell me today’s news”. Any interaction with Alexa is recorded to improve the service, but once the command is finished, Alexa stops recording.
But security researchers from Checkmarx developed an Alexa Skill that would have been an Echo user’s worst nightmare. The Skill, a voice app that can be installed on an Echo speaker, would keep Alexa listening long after it should have switched itself off and automatically transcribe what it hears for an attacker.
When an Alexa skill completes its task it is supposed to stop listening. However, sometimes Alexa doesn’t hear a command correctly, which will lead the Echo to ask for the user to repeat it. This “re-prompt” feature could be exploited, the researchers found, and be programmed to carry on listening, while muting Alexa’s responses.
FOLLOW THE LINK FOR THE FULL REPORT – JR