Amazon Alexa Bug Exposed Users’ Voice History to Potential Hackers

Chip Somodevilla/Getty Images
Chip Somodevilla/Getty Images

A recent report from Wired states that independent researchers recently discovered a bug in Amazon’s Alexa devices that may have exposed users’ voice history to hackers. The company claims it has fixed the bug.

Wired magazine reports that Amazon’s smart home assistant, Alexa, has suffered yet another security vulnerability, this time leaving users’ voice history exposed to hackers. The security firm Check Point released a report recently which reveals that Alexa’s web services featured bug that hackers could have exploited to grab a user’s entire voice history including all of their recorded audio interactions with Alexa.

Amazon has since patched the flaw, but the vulnerability could have provided hackers with profile information such as a user’s home address and “skills” or app that they had added to Alexa. Hackers could also have deleted an existing Alexa skill and replaced it with a malicious one to grab more user data.

Oded Vanunu, Check Point’s head of product vulnerability research, commented:  “Virtual assistants are something that you just talk to and answer, and usually you don’t have in your mind some kind of malicious scenarios or concerns. But we found a chain of vulnerabilities in Alexa’s infrastructure configuration that eventually allows a malicious attacker to gather information about users and even install new skills.”

An Amazon spokesperson commented on the report from Check Point, telling Wired in a statement: “The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us. We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed.”

Vanunu did note that the vulnerabilities Check Point discovered were well hidden. “This definitely wasn’t a case of an open door and OK, come on in!” Vanunu said. “This was a tricky attack, but we’re glad Amazon took it seriously, because the implications could have been bad with 200 million Alexa devices out there.”

Breitbart News has previously published a full guide on how to stop Amazon listening in on Alexa recordings and delete previous recordings. Read the guide here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

COMMENTS

Please let us know if you're having issues with commenting.