Security researchers at the firm Checkmarx said they found a way to create an Alexa skill that would continue listening to users long after they prompted the software, according to Threatpost. The rogue skill could then send a recording and transcript of any audio to its creators.
Amazon said it has fixed the flaw, which researchers reported to the company before going public with their findings. It’s worth noting that Checkmarx didn’t try to push its skill through Amazon’s certification system to make it available to the public, so we can’t be sure as to whether Amazon has controls in place to avoid skills like this from slipping through. For those interested in learning exactly how the researchers were able to manipulate Alexa, it’s worth reading the whole story.
Blog
Researchers Find Alexa Security Flaw to Spy on Users
-
By Nick V
- May 7, 2018
About the Author
Never miss an update. Subscribe today!
By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx Privacy Policy and to
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.
