Amazon Echo coded into a silent spy device

By

Transcribed what users said.

Researchers have found a way to make Amazon's Echo device quietly record users and transcribe what they have said.

Amazon Echo coded into a silent spy device

Code testing firm Checkmarx took advantage of the Alexa Skill Kit - the software development tool set that allow programmers create new features and functions for the Alexa digital assistant on the Echo - and wrote a calculator app that could also record speech input unnoticed.

Skills for Alexa can be coded in C#, Java and Javascript, and come with intents which are voice-activated commands such as Cancel, Stop, and Help.

The research [pdf] showed that it was possible to abuse intents to create an app on the Amazon Echo device that would listen for up to 16 seconds, and record users' transcribed speech into a log file.

Thanks to the researchers disabling Alexa from prompting users for further input, there was no indication of the eavesdropping from the device.

Amazon was notified by the researchers and has pushed out an update that stops developers from using empty reprompts for input.

The update is also able to detect unusually long sessions.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?