ALEXA EAVESDROPPING FLUB RE-SPARKS VOICE ASSISTANT PRIVACY DEBATE
After an Alexa-enabled Echo device recorded and shared a private conversation of its unknowing owners, the tech industry – and the public – is casting a wary eye on voice assistant privacy issues.
On Thursday, news emerged that a Portland family’s Echo device had recorded a conversation of them – without them knowing – and then sent an audio file to one of their contacts.
The impacted couple, whose last name was not reported and who said the incident occurred two weeks ago, told news station KIRO 7 that they realized they were being recorded when the contact who received the file called them to say she received an uncanny voice recording. The couple then called Amazon and notified the tech company about the incident.
Amazon has confirmed the error and offered an explanation of what happened in an emailed statement to Threatpost:
“Echo woke up due to a word in background conversation sounding like “Alexa.” “Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right.
Similar to many others with Alexa-controlled home assistants, the Portland family’s home was wired with Internet of Things-connected Amazon devices to control the house’s heat, lights and security system. The family said that they disconnected everything after the incident.
Many in the tech industry see the incident as yet another example of just how easy it is for Alexa – and other voice assistants – to expose consumers’ private conversations and lives within their homes.
“It is not clear if this was simply a software flaw or a malicious attack, but it is a stark wake-up call nonetheless,” Andreas Kuehlmann, senior vice president and general manager at Synopsys said, in an email. “The reports that a popular voice assistant unexpectedly recorded a personal conversation and leaked information to a third party should be a reminder of the potential security and privacy risks of our… always-connected world.”
Amazon has been under heightened scrutiny before when it comes to privacy issues: In May, a team of researchers found that it is possible to closely mimic legitimate voice commands in order to carry out suspicious actions. In April, Checkmarx researchers launched a malicious proof-of-concept Amazon Echo Skill to show how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices and automatically transcribe every word said.
Source | threatpost