On April 25, security firm Checkmarx publicly disclosed that it has found that a malicious developer can trick Amazon’s Alexa voice assistant technology to record everything a user says. At this time, it’s not clear if any hackers have ever exploited the flaw, which is not in the Amazon Echo hardware, but rather is an abuse of functionality in the Alexa Skills feature set. Developers can extend Alexa’s technology by building skills that provide new functionality for end users. Checkmarx found that there were several unbounded parameters that were available to Alexa skills developers that could have enabled a malicious developer to record and even transcribe what a user says, even after the user had finished communicating with the device.
ORIGINAL SOURCE: e-Week