General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsAmazon Echo Flaw Allowed For Silent Eavesdropping Of Users' Conversations
.
From the, "Gee, I didn't see this coming" files:
Normally, the Echo has an always-on listening capability, which in theory is supposed to only be fully activated when it hears the word Alexa. Once a user says Alexa, the device will start recording what the user says and analyze that audio information. After it provides the information the user requested, then its listening capabilities should go back to stand-by and it should stop recording users voices.
However, a flaw uncovered by Checkmarx researchers can allow a malicious party to record everything indefinitely after the user has activated a malicious app (or skill). Exploiting this bug still required the researchers to ensure the Alexa recording session would stay alive after the user received a silent response from the device. They also had to ensure that the transcribing of the recorded voice was accurate, in order for the data to be useful to a malicious party.
Mitigations
The Checkmarx researchers disclosed the flaw to Amazon and said that they worked closely with the companys team to implement some solutions against this type of attack. For starters, Amazon will review apps under a stricter criteria, to find the "eavesdropping" skills. The company will also change Echo's code to take appropriate actions when certain skills send empty-reprompts or when the sessions take longer than usual.
As more people buy devices such as the Echo, Google Home, or other similar always-listening devices, theyll likely be at an increased risk of eavesdropping, as similar flaws are more sought-out by malicious parties. We also know that the FBI has started becoming quite interested in using Amazons Echo to surveil suspects, and this interest will likely only grow in the future.
https://www.tomshardware.com/news/amazon-echo-silent-eavesdropping-users,36959.html
Kind of makes you wonder if these "flaws" aren't just undocumented value-added features, until exposed.
.
Sneederbunk
(14,292 posts)dawg
(10,624 posts)onethatcares
(16,173 posts)"whoops, we left a microphone on and it accidentally sent everything it could pick up to the "cloud"".
Panatir (?) just loves that shit.
There's also two dolls out their that record conversations with kids, feminine and masculine.What they hear goes to the cloud.
Imagine what kids say to their playtoys. It's fucking scary and there is not a thing we can do about it. Companies that enable this stuff laugh at resistance.
JenniferJuniper
(4,512 posts)He's 16 so not a millennial. He likes his privacy.
TheBlackAdder
(28,209 posts).
No matter how much I warn them, it's Snapchat, Instagram, Twitter, Facebook, etc.
Most of it is stupid stuff, but a lot has identifiable information in i, or stuff that might bite them in the ass.
I tell them, if you apply for a job, and don't get any offers, it's probably because of your web content.
JenniferJuniper
(4,512 posts)scour the web for that stuff. The last thing you want is to not get your dream job at 22 because of some nonsense you posted five or six years ago. I know in kids years that's a long time, but it's nothing in adult years.
TheBlackAdder
(28,209 posts)Even the deleted stuff is stored.
Lee-Lee
(6,324 posts)If it has a microphone and can connect to the internet then it can be used to spy on you.
You smart phone, your laptop, your smart speaker, your gaming console, your smart TV, your fancy video doorbell. Your thermostat you can talk to.
If it has a microphone and connects to the net, it has everything needed to be a bug and just needs someone to turn it on.
MiniMe
(21,717 posts)Blue_Adept
(6,399 posts)It's a problem with any open market store like they have for these things.