The security of Amazon’s voice assistant has been called into question once again after a man in German was inadvertently granted access to thousands of audio files recorded by a stranger’s Alexa-powered device.
According to the German trade publication C’t Magazine, the unidentified man was sent 1,700 audio recordings of a conversation between another man and a woman after he asked Amazon under GDPR rules to provide his own information that was being held by the retail giant.
The man contacted Amazon over the incident but “never received a response”, says Engadget. He later discovered that the download link containing the audio files “was no longer working”, though he had saved them onto his personal computer.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
C’t Magazine was able to track down the couple after the man submitted the audio recordings to the publication.
An Amazon spokesperson has since told Reuters that the “unfortunate case was the result of a human error and an isolated single case.”
“We resolved the issue with the two customers involved and took measures to further optimise our processes”, the spokesperson said. “As a precautionary measure we contacted the relevant authorities.”
So does Alexa listen to me all the time?
The short answer is no. According to Tech World, Alexa will only listen and record conversations after the “wake word” - Alexa - has been spoken, and anything you then say can be deleted from the device’s history.
Users who do not want Alexa to listen to them at all should press and hold the microphone button on top of their Echo speaker until it turns red, signifying that this feature is switched off.
Regardless of whether the light is red or blue, Amazon has always insisted that its speakers do not snoop on user conversations. However, there have been instances when technical glitches meant Alexa was listening in.
The company issued a seperate fix for Echo smart speakers last month after it was found a software bug was causing the voice assistant to listen continuously in some scenarios, The Daily Telegraph reports.
Adding to the concerns, Alexa-powered speakers spooked a number of Echo owners earlier this year, with the devices reportedly bursting into “creepy” spontaneous laughter.
Are there proven cases of listening without users knowing?
Yes, but Amazon generally has an answer for the apparent anomalies.
In May, an Echo speaker owned by a couple in Portland, Oregon, recorded a private conversation and sent it to a random contact.
The couple had fitted every room in their home with devices powered by the voice assistant and had joked that they were listening in to their conversations.
But the joke came to a swift end when they received a phone call from a friend in Seattle, who told them that they were “being hacked” and that they should “unplug your Alexa devices right now”, Kiro7 reports.
Responding to the incident, Amazon told The Verge that the couple’s voice assistant was believed to have overheard the conversation in a different room and misinterpreted some of the words as commands.
Can Alexa be hacked?
Sort of. During August’s DefCon hacking convention in Las Vegas, reseachers from Chinese tech giant Tencent demonstrated a loophole that allowed them to tap into an Amazon Echo speaker, Wired reports.
Researchers Wu Huiyu and Qian Wenxiang used “a series of bugs” in second-generation versions of Echo speakers to stream real-time audio through the device’s onboard microphone, which Alexa uses to listen out for voice commands, the tech site explains.
“When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker,” the researchers told Wired.
According to TechCrunch, the researchers’ method is “very difficult to execute”, as hackers need to physically upload special code to an Echo before connecting it to the same Wi-Fi network as the target’s Alexa-powered speaker.
Tencent alerted Amazon before publishing their report, prompting the retail giant to release an firmware update to fix the security loophole.
An Amazon spokesperson told The Sun: “Customers do not need to take any action as their devices have been automatically updated with security fixes.”
Nevertheless, the loophole, “though already patched, demonstrates how hackers can tie together a devious collection of tricks to create an intricate multistep penetration technique”, says Wired.
Continue reading for free
We hope you're enjoying The Week's refreshingly open-minded journalism.
Subscribed to The Week? Register your account with the same email as your subscription.
-
Is Donald Trump finished in New York?Today's Big Question How the former president's fraud ruling could ruin him in the city that made him famous
-
Windmill whales
Cartoons
-
Why the FTC antitrust lawsuit against Amazon is so consequential
Talking Point While it's not the first case the federal agency brought against the company, it might be the biggest challenge yet
-
Can Meta woo Gen Z with AI chatbots?
Talking Point Meta is set to release the first of dozens of AI 'personas' aimed at driving Gen Z engagement
-
Sam Altman: the OpenAI CEO leading the AI revolution
Why Everyone’s Talking About The Silicon Valley entrepreneur is pushing AI into the mainstream while actively warning of its dangers
-
Alexandr Wang: the world’s youngest self-made billionaire shaking up tech
Why Everyone’s Talking About The college dropout has made his fortune supplying AI companies with human labour
-
Neurotechnology: how does new mind-reading technology work?
feature Developments in AI are turning thoughts into words but privacy fears are growing
-
Will China win the race to become the AI superpower?
Today's Big Question AI has now become integral to Beijing’s system of state surveillance, repression and control
-
AI job fears: how can we regulate the ‘rise of the robots’?
Today's Big Question Concern grows that ‘AI jobs bloodbath’ is underway as BT announces plan to shed 55,000 staff
-
Six good news stories about AI
feature From mind-reading health benefits to speaking to animals and deceased loved ones
-
Will AI steal all our jobs?
Talking Point Fears of mass unemployment may be ‘overblown’ but workers in media, teaching and finance need to embrace artificial intelligence
