Amazon Alexa Let Hackers Listen In

It’s August 2020, which means you’ve probably spent a good chunk of the past few months reading and hearing about just how dangerous it is outside the confines of your home. But sometimes you need a break from all the fear-inducing headlines relating to COVID-19; sometimes you need fear-inducing headlines relating to other things. Because variety. 

Amazon’s Alexa, as it turns out, may have been spilling the beans. Potentially your beans, to be specific. The helpful voice assistant, capable of turning off your porch lights and filling in the gaps of your underwhelming education by answering basic math questions, was reported to have left its owner’s personal information vulnerable to hackers, according to cybersecurity company Check Point

(“Alexa, can you not?” am I right?) 

Presenting the information to Amazon back in June, the e-commerce giant soon after released a patch to address the vulnerabilities. It’s unclear if the vulnerabilities were present since Alexa’s inception in 2014, or simply in between software updates. 

Researchers say that hackers could hijack the devices by providing malicious Amazon links. From that point, according to Check Point, hackers would have access to the user’s voice history, as well as critical personal information such as banking data. 

Amazon disputes that last claim, however.  

“The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us," an Amazon spokesperson told WIRED in a statement. "We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed."

No word on whether hackers would have access to your embarrassing guilty pleasures on Amazon Prime Video, but still pretty concerning nonetheless. 

“Smart speakers and virtual assistants are so commonplace that it’s easy to overlook just how much personal data they hold, and their role in controlling other smart devices in our homes,” said Oded Vanunu, head of products vulnerabilities research at Check Point. “But hackers see them as entry points into peoples’ lives, giving them the opportunity to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware.” 

Amazon announced it had sold more than 100 million Alexa-enabled devices at the start of 2019, with that number reportedly doubling by the start of 2020, according to The Hill

That’s… potentially a lot of banking information. 

RECENT POSTS

Alexa usage has also boomed in recent years, quadrupling since 2018, according to Daniel Rausch, Amazon’s president of smart home (via CNET). The pandemic response has only aided in the growth of those metrics, and not just because we have nobody else to talk to right now. Rausch notes that one week in April 2020 (aka the month that lasted all of 30 seconds when compared to its never-ending predecessor) saw more cooking-related inquiries than the company did in Thanksgiving week 2019. Music, question/answer, and general smart home commands are all said to have seen noteworthy growth as well.

Now take a moment to realize how Amazon might know that you were looking for help with your chunky mashed potatoes on Nov. 28. While Amazon doesn’t explicitly state that it listens to your conversations, it should come as no surprise to know that the company is, you know, actually listening to your conversations. 

Amazon employs thousands of people across the globe to listen to voice recordings captured within homes and offices that feature an Amazon Echo device, as reported by Time. Those conversations are transcribed and annotated with the intent of improving Alexa’s comprehension of human speech. Users can opt out of having their voice recordings used for Alexa development, but that doesn’t necessarily mean the company will stop listening altogether. 

Bloomberg reports that Alexa reviewers don’t have access to a user’s full name or address, but that they can see the user’s first name and the device’s serial number. 

And no, my fellow Siri- or Google Assistant-supported friends, you’re not immune to the spying. Apple and Google also utilize human workers to improve their voice assistants, although the privacy and security practices vary from company to company. 

So whether it’s a hacker or company employee, you can safely assume that somebody besides Alexa is listening (but not your kids — they never listen). 

What do you think? Is the convenience of having a voice assistant worth the potential invasion of privacy? Sound off in the comments below.