Amazon’s Echo is in the crossfire after Wired reported that a security firm found a bug inside Echo’s speakers that allows it to listen to whatever you say even when it has been shut down.
Usually, the user talks into the speaker so as to give a command such as “Alexa, what is the current temperature?”; however, according to the security firm, this bug can easily be exploited as Echo’s personal assistant Alexa will ask you to repeat whenever it doesn’t comprehend.
Security firm Checkmarx explains that the verbal “readback” prompt that Alexa gives typically (so that the user can know that it was actively engaged) can be programmed to keep on listening (and send all whatever it hears to a hacker) while at the same time muting the responses by Alexa.
Checkmarx said that the device is rapidly rising in popularity and listening is the key part for the Echo, but the only fear connected to this kind of devices is privacy; especially in the case of a user’s hearing being recorded unknowingly.
According to Checkmarx, the bug needs only a code so that it can be exploited to take control of all the current features of Amazon echo. The thing worth noting is, this means, the hacker does not need to attack Echo itself but just exploit a weakness existing in the system to spy on whatever the Echo owner says.
Consequently, Amazon said processes are in place so the coding can be stopped,
“We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do.”