In a shocking development to absolutely no one, Amazon says it’s fixed a vulnerability that allowed its Echo to eavesdrop on users, transcribe everything it hears, and then send it to a third party. From Sophos:
Researchers at information security firm Checkmarx demonstrated what we probably all suspected was possible but hoped wasn’t by tweaking options in Alexa’s software development kit (SDK) – the kit that’s used to develop software, known as skills, for the Echo.
The voice-activated skills are the equivalent of the apps on your phone: discreet bits of software that add capabilities to the device. There are skills for finding open restaurants near you, getting Starbucks started on your coffee order, checking your bank balance, hearing the latest news and turning on the Christmas lights.
And on somebody’s desk at Checkmarx, there’s one for eavesdropping on you. It silently captures transcripts of what you’re saying and sends them to an external log accessible to the researchers who rigged the trap.
No worries, however, since it’s all fixed and everything. It’s perfectly safe to have in your home now, right?