The security of Amazon’s voice assistant has been called into question once again after a man in German was inadvertently granted access to thousands of audio files recorded by a stranger’s Alexa-powered device.
According to the German trade publication C’t Magazine, the unidentified man was sent 1,700 audio recordings of a conversation between another man and a woman after he asked Amazon under GDPR rules to provide his own information that was being held by the retail giant.
The man contacted Amazon over the incident but “never received a response”, says Engadget. He later discovered that the download link containing the audio files “was no longer working”, though he had saved them onto his personal computer.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
C’t Magazine was able to track down the couple after the man submitted the audio recordings to the publication.
An Amazon spokesperson has since told Reuters that the “unfortunate case was the result of a human error and an isolated single case.”
“We resolved the issue with the two customers involved and took measures to further optimise our processes”, the spokesperson said. “As a precautionary measure we contacted the relevant authorities.”
So does Alexa listen to me all the time?
The short answer is no. According to Tech World, Alexa will only listen and record conversations after the “wake word” - Alexa - has been spoken, and anything you then say can be deleted from the device’s history.
Users who do not want Alexa to listen to them at all should press and hold the microphone button on top of their Echo speaker until it turns red, signifying that this feature is switched off.
Regardless of whether the light is red or blue, Amazon has always insisted that its speakers do not snoop on user conversations. However, there have been instances when technical glitches meant Alexa was listening in.
The company issued a seperate fix for Echo smart speakers last month after it was found a software bug was causing the voice assistant to listen continuously in some scenarios, The Daily Telegraph reports.
Adding to the concerns, Alexa-powered speakers spooked a number of Echo owners earlier this year, with the devices reportedly bursting into “creepy” spontaneous laughter.
Are there proven cases of listening without users knowing?
Yes, but Amazon generally has an answer for the apparent anomalies.
In May, an Echo speaker owned by a couple in Portland, Oregon, recorded a private conversation and sent it to a random contact.
The couple had fitted every room in their home with devices powered by the voice assistant and had joked that they were listening in to their conversations.
But the joke came to a swift end when they received a phone call from a friend in Seattle, who told them that they were “being hacked” and that they should “unplug your Alexa devices right now”, Kiro7 reports.
Responding to the incident, Amazon told The Verge that the couple’s voice assistant was believed to have overheard the conversation in a different room and misinterpreted some of the words as commands.
Can Alexa be hacked?
Sort of. During August’s DefCon hacking convention in Las Vegas, reseachers from Chinese tech giant Tencent demonstrated a loophole that allowed them to tap into an Amazon Echo speaker, Wired reports.
Researchers Wu Huiyu and Qian Wenxiang used “a series of bugs” in second-generation versions of Echo speakers to stream real-time audio through the device’s onboard microphone, which Alexa uses to listen out for voice commands, the tech site explains.
“When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker,” the researchers told Wired.
According to TechCrunch, the researchers’ method is “very difficult to execute”, as hackers need to physically upload special code to an Echo before connecting it to the same Wi-Fi network as the target’s Alexa-powered speaker.
Tencent alerted Amazon before publishing their report, prompting the retail giant to release an firmware update to fix the security loophole.
An Amazon spokesperson told The Sun: “Customers do not need to take any action as their devices have been automatically updated with security fixes.”
Nevertheless, the loophole, “though already patched, demonstrates how hackers can tie together a devious collection of tricks to create an intricate multistep penetration technique”, says Wired.
-
Film reviews: Eden and Honey Don't!Feature Seekers of a new utopia spiral into savagery and a queer private eye prowls a high-desert town
-
Critics' choice: Three chefs fulfilling their ambitionsFeature Kwame Onwuachi's grand second act, Travis Lett makes a comeback, and Jeff Watson's new Korean restaurant
-
Trump soaks up adoration in his made-for-TV Cabinet meetingsIN THE SPOTLIGHT The president's televised sessions have become a platform for his top lieutenants to demonstrate executive flattery
-
Deep thoughts: AI shows its math chopsFeature Google's Gemini is the first AI system to win gold at the International Mathematical Olympiad
-
The jobs most at risk from AIThe Explainer Sales and customer services are touted as some of the key jobs that will be replaced by AI
-
Why AI means it's more important than ever to check terms and conditionsIn The Spotlight WeTransfer row over training AI models on user data shines spotlight on dangers of blindly clicking 'Accept'
-
Are AI lovers replacing humans?Talking Points A third of Gen Z singles use tech as a 'romantic companion'
-
Palantir: The all-seeing tech giantFeature Palantir's data-mining tools are used by spies and the military. Are they now being turned on Americans?
-
Grok brings to light wider AI antisemitismIn the Spotlight Google and OpenAI are among the other creators who have faced problems
-
Intellectual property: AI gains at creators' expenseFeature Two federal judges ruled that it is fair use for AI firms to use copyrighted media to train bots
-
Is AI killing the internet?Talking Point AI-powered browsers and search engines are threatening the death of the open web
