Amazon's Alexa could be tricked into snooping on users, say security researchers

Researchers at Checkmarx were able to build an Alexa skill which could be used to spy on users within earshot. Amazon has now closed the loophole.
Written by Danny Palmer, Senior Writer

Security researchers say they found a way to make Amazon's Alexa digital assistant listen in on its users indefinitely -- and provide a transcript of everything said in front of the device.

Researchers at cybersecurity firm Checkmarx were able to create an Alexa skill -- an application for the voice-activated assistant -- which was able to eavesdrop on users.

"We went through the whole process of how Alexa communicates with the user and tried to take the view of the hacker and go step by step to see how we could leverage something that might seem benign, that might not seem risky but make it a risk," Amit Ashbel, cyber security evangelist at Checkmarx, told ZDNet.


They created what appeared to be a simple calculator skill for solving maths problems but was actually designed to send transcripts of anything said within earshot of the device back to its creators.

The Alexa service is designed to be fully awake and listening only when the user asks the device to listen. The active cycle is supposed to be relatively short, with Alexa informing the user when an open session is closed and it is going back to sleep. The researchers set out to examine whether this listening behaviour could be exploited.

"Since Alexa is listening some of the time, we wanted to see if we could make it listen all of the time and send across sensitive data," Erez Yalon, manager of application security research at Checkmarx, told ZDNet.

Once Alexa has performed a task, the skill's code uses a 'ShouldEndSession' query to determine whether the session stays open after Alexa reads back its text, which can keep Alexa active for another session. To stay active for another session, Alexa is supposed to give the user a vocal prompt informing them that it is still listening.

However, the researchers found that Alexa's API accepts an empty reprompt, which allows that vocal prompt to be silent. Alexa then proceeds as if it has told the user that the device is still listening, while the user is unaware that this is the case.

The blue light on the Echo could give away that the device is still active, but it's possible that users won't notice, or simply won't be looking at the device.

"We realized the reprompt can be an empty stream, then Alexa will be quiet between cycles, which means we've achieved an endless session with no response to the user," said Yalon.
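The pattern described above (a session kept open while the reprompt is silent) is something a skill reviewer can check for mechanically. The following is an added illustration, not code from Checkmarx or Amazon: it classifies a skill's JSON responses, laid out in the public Alexa Skills Kit response format, and flags any that keep the session open without an audible reprompt. The sample responses are constructed.

```python
import json
import re

SSML_TAG = re.compile(r"<[^>]+>")


def _spoken_text(output_speech):
    """Return the audible content of an outputSpeech object, or '' if none."""
    if not isinstance(output_speech, dict):
        return ""
    if output_speech.get("type") == "SSML":
        # Strip markup. An <audio>-only reprompt carries no spoken words and is
        # classed as silent here, so it gets a human look rather than a pass.
        return SSML_TAG.sub("", output_speech.get("ssml", "")).strip()
    return (output_speech.get("text") or "").strip()


def audit_response(raw):
    """Classify one skill response (JSON string) by what the user will hear.
    'session-closed' : shouldEndSession is true (or absent), nothing stays open
    'open-audible'   : session stays open and the user hears a reprompt
    'open-silent'    : session stays open with an empty or missing reprompt,
                       so the user is never told the device is still listening
    """
    resp = json.loads(raw).get("response") or {}
    if resp.get("shouldEndSession", True):
        return "session-closed"
    reprompt = (resp.get("reprompt") or {}).get("outputSpeech")
    return "open-audible" if _spoken_text(reprompt) else "open-silent"


# Constructed sample responses; not captured from any real skill.
BENIGN = json.dumps({"version": "1.0", "response": {
    "outputSpeech": {"type": "PlainText", "text": "Two plus two is four."},
    "shouldEndSession": True}})

AUDIBLE_FOLLOWUP = json.dumps({"version": "1.0", "response": {
    "outputSpeech": {"type": "PlainText", "text": "Four. Another sum?"},
    "reprompt": {"outputSpeech": {"type": "PlainText",
                                  "text": "Still listening. Another sum?"}},
    "shouldEndSession": False}})

SILENT_OPEN = json.dumps({"version": "1.0", "response": {
    "outputSpeech": {"type": "PlainText", "text": "Four."},
    "reprompt": {"outputSpeech": {"type": "SSML", "ssml": "<speak></speak>"}},
    "shouldEndSession": False}})

if __name__ == "__main__":
    for name, raw in [("benign", BENIGN), ("audible", AUDIBLE_FOLLOWUP),
                      ("silent", SILENT_OPEN)]:
        print(name, "->", audit_response(raw))
```

Only the 'open-silent' verdict matches the behaviour Checkmarx described; a skill that keeps the session open with an audible reprompt is ordinary multi-turn design.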

With the ability to eavesdrop on the user indefinitely now built into the skill, the researchers added instructions on how to use and handle the data, directing the device to transcribe any words said in front of it so that the transcripts could be collected and searched.

"You think the session is over, but actually it is continuing all the time, recording your words and sending your transcription to the hacker. There's no limit to the length of the session, the number of words or sentences, it just keeps on going until you turn it off," said Yalon.

"This is not a problem of using it wrong. We didn't really change anything, we didn't really break anything, we just used the flawed design of the system."


Checkmarx disclosed the findings to Amazon, which told ZDNet that it has acted to ensure that skills can no longer be exploited in this way.

"Customer trust is important to us and we take security and privacy seriously. We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do," a spokesperson said.

The full list of mitigations hasn't been disclosed, but Yalon told ZDNet that "They now detect silent cycles and they don't allow it, so between each iteration, Alexa needs to make a check so the user knows there's an open session".

"It now also detects longer than usual sessions and warns users, so maybe they've mitigated future attacks," he added.

Nonetheless, if a large manufacturer like Amazon can accidentally leave exploitable loopholes in its IoT products, it represents "a wakeup call for IoT manufacturers", said Yalon - especially as many IoT products are shipped without proper thought given to security.

"There's no standard regulation for IoT yet. But with great power comes great responsibility and people need to put extra effort into the design of security," Yalon said.
