New Skill Let Amazon Alexa Spy on Users

Ever worry that your Amazon Alexa-enabled device might be spying on you? You might have been right.

I'm listening to every word you say. Credit: Amazon

(Image credit: I'm listening to every word you say. Credit: Amazon)

As a proof of concept, researchers from Israel-based application-security firm Checkmarx wrote a malicious "skill," or Alexa functions, that managed to turn an Amazon Echo Dot into a full-fledged eavesdropping device that recorded dialogue indefinitely and sent transcriptions of human speech to a third-party website as well as to Amazon. (The skill was never uploaded to Amazon's Alexa app store, and isn't available to the public.)

A YouTube video made by the researchers first shows two regular Alexa sessions, in which the Amazon Echo Dot briefly lights ups as it answers simple questions, then goes dark after the interaction ends, indicating that recording has stopped.

An off-camera human voice then asks Alexa to calculate a simple math problem, after which the blue light stays on and the Amazon Echo Dot sends transcriptions of everything the human says to a non-Amazon website. Only when the human voice says, "Alexa, stop" does the light go off and recording cease.

"While the shining blue light discloses that Alexa is still listening, much of the point of an IPA [intelligent personal assistant] device is that, unlike a smartphone or tablet, you do not have to look at it to operate it," researchers Maty Siman and Shimi Eshkenazi wrote in their report. "In fact, these IPAs are made to be placed in a corner where users simply speak to a device without actively looking in its direction."

MORE: 5 Ways to Secure Your Alexa Device

Amazon Alexa is meant to turn itself on only after hearing a specific keyword (by default, "Alexa" or "Echo") and then shut itself off after it responds to a structured question (e.g. "What is the weather in Seattle?"), or after eight seconds of silence.

The entire interaction is recorded by the Alexa-enabled device, then uploaded to Amazon, where the recording is used to "train" the device to better recognize the human user's accent and speech patterns. Users can go to their Amazon accounts and delete any Alexa interaction.

To keep Alexa's capabilities open-ended, Amazon makes it possible for anyone to create "skills," or structured interaction types, and then upload them to Amazon for other Alexa device owners to use.

The Checkmarx researchers discovered that they could create a skill that both kept the session "alive" past the eight-second limit and also overrode Alexa's built-in safeguard to verbally notify the user that a session was being kept alive.

We're not going to go into great detail here, but the researchers found that keeping a session alive was pretty easy and just required a simple programming command. Making sure Alexa didn't tell the user was more difficult, until they found Alexa would accept a blank notification prompt and thus say nothing.

Finally, they needed Alexa to transcribe what the humans in the room said. They strung together possible interaction "slots" of one word apiece, meant to be logged as commands indicating user intent, to create an open-ended skill set that would capture and transcribe spoken sentences of between one and 15 words as part of the normal logging process.

This workaround is different from a physical Alexa hack from last summer, in which a British researcher found that he could pry off the bottom cover of an older-model Amazon Echo and attach a hardware device that tapped into the audio feed and sent it to a remote computer.

The Israelis, by contrast, didn't need to break into anything. Their method was entirely software-based and user Amazon's own Alexa skill development kit.

Sadly for would-be eavesdroppers out there, the Checkmarx researchers told Amazon what they were doing months ago. Subsequent updates to Alexa devices mean that the blank notification prompt should no longer work, eavesdropping skills should be detected and longer-than-usual active sessions should raise a red flag.

This doesn't mean that Alexa eavesdropping is now impossible. It'll just be harder for the next group of researchers to pull off.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.