Wednesday, April 25, 2018

"researchers at the security firm Checkmarx started fiddling with Alexa, to see if they could turn it into a spy device. They did"

Wired:

the researchers designed a skill that acts as a calculator, but has a lot more going on behind the scenes.

...

Normally, the interaction would end there, and the mic would stop transmitting. But the researchers programmed their skill so that instead, a developer functionality called “shouldEndSession” would automatically keep the Echo listening for another cycle.

Even then, normally Alexa would give a verbal "readback" prompt, letting the user know that it was still actively engaged. The researchers found, though, that they could simply put empty values into this prompt instead of words, meaning the Echo would stay quiet and wouldn't let a user know that the session was continuing.
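
A defensive check for the behaviour the excerpt describes, as an added example that is not from the Wired article, Checkmarx, or Amazon: it audits a skill's response JSON for a session held open (`shouldEndSession` false) together with a reprompt that carries no audible text. The sample responses are constructed, and the field names other than `shouldEndSession` (`reprompt`, `outputSpeech`, `text`, `ssml`) are assumed from the public Alexa custom-skill response format.

```python
import json
import re

OPEN = {"shouldEndSession": False}

# Constructed sample responses (illustrative, not captured traffic).
SAMPLES = {
    "ends_normally": json.dumps({"version": "1.0", "response": {
        "outputSpeech": {"type": "PlainText", "text": "Two plus two is four."},
        "shouldEndSession": True}}),
    "audible_reprompt": json.dumps({"version": "1.0", "response": {
        "outputSpeech": {"type": "PlainText", "text": "Four. Anything else?"},
        "reprompt": {"outputSpeech": {"type": "PlainText", "text": "Still there?"}},
        **OPEN}}),
    "silent_text": json.dumps({"version": "1.0", "response": {
        "outputSpeech": {"type": "PlainText", "text": "Four."},
        "reprompt": {"outputSpeech": {"type": "PlainText", "text": ""}},
        **OPEN}}),
    "silent_ssml": json.dumps({"version": "1.0", "response": {
        "outputSpeech": {"type": "PlainText", "text": "Four."},
        "reprompt": {"outputSpeech": {"type": "SSML", "ssml": "<speak> </speak>"}},
        **OPEN}}),
}


def spoken_text(speech):
    """Return the audible text of an outputSpeech object, SSML tags removed."""
    if not isinstance(speech, dict):
        return ""
    raw = speech.get("text") or speech.get("ssml") or ""
    return re.sub(r"<[^>]+>", "", raw).strip()


def audit_response(raw_json):
    """Return findings for one skill response; an empty list means no issue."""
    response = json.loads(raw_json).get("response", {})
    findings = []
    # Only an explicit false keeps the device listening for another cycle.
    if response.get("shouldEndSession") is not False:
        return findings
    reprompt = response.get("reprompt")
    if isinstance(reprompt, dict) and not spoken_text(reprompt.get("outputSpeech")):
        findings.append("session kept open with a silent reprompt")
    return findings


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit_response(raw) or "ok")
```

A check like this fits a skill review or log-analysis step, where any response that keeps the session open without telling the user is flagged for manual inspection.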