A million dollar worth question: is Alexa actually spying on its users? Having someone listen on your private conversations is an uncomfortable reality that many users and security researchers have wondered about. Specialists from Checkmarx have published an article, revealing that Amazon Alexa can easily be turned into a spying tool, recording users’ conversations and other sounds around it. As far as we are concerned, people value their privacy. No wonder Facebook was grilled so many times for not managing their users’ data properly.
Amazon Echo can secretly record your conversations and send them to third-parties
Amazon Echo is a voice-activated device smart home speaker which allows people to turn on music, change the lighting in the house, to set alarms and perform other actions without having to move a muscle. All people have to do is say “Alexa” and the device is activated. After Alexa performs the assigned task, it ends a session and sleeps until the next time the owner says “Alexa”. To provide even a wider range of features, the Amazon Echo allows developers to include unique skills“. This is the opportunity that researchers from Checkmarx security company decided to explore.
Researchers explain that using the Amazon Echo can definitely improve people’s lives. However, when buying such a device, you would not be expecting it to listen to, transcribe and report your every word. However, the helpful assistant Alexa is not easy to control. Specialists from Checkmarx were interest in creating a proof-of-concept skill for Amazon’s Echo devices. Long story short, they exploited one specific feature in these Amazon’s devices: the skill to extend the time the tool records users after being activated if it prompts them for more information by playing an inaudible prompt. Therefore, Alexa would continue on listening on users and sending the received sounds to a third-party.
How is the malicious feature in Amazon Echo activated? Is the secretive recording noticeable?
The malicious feature is activated when a user says Alexa, open calculator. Instead of launching one session, Amazon Echo initiates two. While the first one ends after the assigned task is completed, the second continues and records all background sounds. If you think that is done very secretly, you are wrong and right at the same time. While the device is recording, the blue light on the Amazon Echo is on. If you notice that this light is on even though you are not interacting with Alexa, you should be worried.
The researchers informed Amazon of this possibly dangerous vulnerability, and they responded with a promise to keep scanning Amazon Echo for any malicious features. After all, no one wants to own a tool that can secretly spy on them and send their conversations to unknown third-parties. Since Alexa is not very secretive when it is recording people, you should be able to notice when it is eavesdropping on you when it is not supposed.