The security of Amazon’s voice assistant has been called into question once again after a man in German was inadvertently granted access to thousands of audio files recorded by a stranger’s Alexa-powered device.
According to the German trade publication C’t Magazine, the unidentified man was sent 1,700 audio recordings of a conversation between another man and a woman after he asked Amazon under GDPR rules to provide his own information that was being held by the retail giant.
The man contacted Amazon over the incident but “never received a response”, says Engadget. He later discovered that the download link containing the audio files “was no longer working”, though he had saved them onto his personal computer.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
C’t Magazine was able to track down the couple after the man submitted the audio recordings to the publication.
An Amazon spokesperson has since told Reuters that the “unfortunate case was the result of a human error and an isolated single case.”
“We resolved the issue with the two customers involved and took measures to further optimise our processes”, the spokesperson said. “As a precautionary measure we contacted the relevant authorities.”
So does Alexa listen to me all the time?
The short answer is no. According to Tech World, Alexa will only listen and record conversations after the “wake word” - Alexa - has been spoken, and anything you then say can be deleted from the device’s history.
Users who do not want Alexa to listen to them at all should press and hold the microphone button on top of their Echo speaker until it turns red, signifying that this feature is switched off.
Regardless of whether the light is red or blue, Amazon has always insisted that its speakers do not snoop on user conversations. However, there have been instances when technical glitches meant Alexa was listening in.
The company issued a seperate fix for Echo smart speakers last month after it was found a software bug was causing the voice assistant to listen continuously in some scenarios, The Daily Telegraph reports.
Adding to the concerns, Alexa-powered speakers spooked a number of Echo owners earlier this year, with the devices reportedly bursting into “creepy” spontaneous laughter.
Are there proven cases of listening without users knowing?
Yes, but Amazon generally has an answer for the apparent anomalies.
In May, an Echo speaker owned by a couple in Portland, Oregon, recorded a private conversation and sent it to a random contact.
The couple had fitted every room in their home with devices powered by the voice assistant and had joked that they were listening in to their conversations.
But the joke came to a swift end when they received a phone call from a friend in Seattle, who told them that they were “being hacked” and that they should “unplug your Alexa devices right now”, Kiro7 reports.
Responding to the incident, Amazon told The Verge that the couple’s voice assistant was believed to have overheard the conversation in a different room and misinterpreted some of the words as commands.
Can Alexa be hacked?
Sort of. During August’s DefCon hacking convention in Las Vegas, reseachers from Chinese tech giant Tencent demonstrated a loophole that allowed them to tap into an Amazon Echo speaker, Wired reports.
Researchers Wu Huiyu and Qian Wenxiang used “a series of bugs” in second-generation versions of Echo speakers to stream real-time audio through the device’s onboard microphone, which Alexa uses to listen out for voice commands, the tech site explains.
“When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker,” the researchers told Wired.
According to TechCrunch, the researchers’ method is “very difficult to execute”, as hackers need to physically upload special code to an Echo before connecting it to the same Wi-Fi network as the target’s Alexa-powered speaker.
Tencent alerted Amazon before publishing their report, prompting the retail giant to release an firmware update to fix the security loophole.
An Amazon spokesperson told The Sun: “Customers do not need to take any action as their devices have been automatically updated with security fixes.”
Nevertheless, the loophole, “though already patched, demonstrates how hackers can tie together a devious collection of tricks to create an intricate multistep penetration technique”, says Wired.
Create an account with the same email registered to your subscription to unlock access.