•   
  •   
  •   

Technology Alexa vulnerability is a reminder to delete your voice history

18:45  13 august  2020
18:45  13 august  2020 Source:   cnet.com

9 surprising Alexa tricks to try with your Amazon Echo tonight

  9 surprising Alexa tricks to try with your Amazon Echo tonight Amazon's Alexa voice assistant can recognize a can of soup and create music playlists on the fly.For example, did you know you can hold something up to your Amazon Echo Show and Alexa can tell you what it is? Or that you can tell your Echo speaker to create a playlist for you without ever picking up your phone?

If you haven't been regularly deleting your voice history with Amazon's voice assistant Alexa, a recently-fixed vulnerability that would have exposed all your conversations with the smart speaker could be a good reason to start.

a close up of a speaker: An Amazon vulnerability with its subdomain kicked off a chain of issues that could have let a hacker view your voice chat history, researchers said. Sarah Tew/CNET © Provided by CNET An Amazon vulnerability with its subdomain kicked off a chain of issues that could have let a hacker view your voice chat history, researchers said. Sarah Tew/CNET

On Thursday, researchers from the cybersecurity firm Check Point released a report detailing security issues they discovered with Amazon's Alexa, which would have allowed a potential hacker to get a person's conversation logs with the smart speaker, as well as install skills on the device without the person knowing.

5 ways to customize Alexa so you love your Amazon Echo more

  5 ways to customize Alexa so you love your Amazon Echo more Get the most out of your voice assistant with these tips, from customizing what Alexa says to creating personalized routines.For example, you don't have to listen to the same Alexa responses all the time -- you can create your own, instead. Also, you can get Alexa to recognize individual voices in your household so that everyone has their own personalized experience with Alexa.

An Amazon vulnerability with its subdomain kicked off a chain of issues that could have let a hacker view your voice chat history, researchers said. © Sarah Tew/CNET

An Amazon vulnerability with its subdomain kicked off a chain of issues that could have let a hacker view your voice chat history, researchers said.

"The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us. We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems," an Amazon spokesperson said in a statement.

The company said it had not seen any cases of this vulnerability being used.

The company said they reached out to Amazon in June and the tech giant has since fixed the flaw, but the security concerns serve as a strong reminder to minimize the amount of history logged with your smart speakers.

Amazon's Alexa event shows the future of the Echo's voice assistant

  Amazon's Alexa event shows the future of the Echo's voice assistant Amazon hasn't revealed any major new Alexa-powered hardware this year, but today's Alexa Live developer conference gives insights into its voice-centric priorities moving forward.At the Amazon Alexa booth at CES 2020.

Connected devices at home present a new opening for hackers, and smart voice assistants are no different. Security researchers have frequently demonstrated flaws with Alexa, like a stranger yelling to unlock your doors to a laser pointer being able to activate your device from 300 feet away.

Buckle in: Alexa is asking the questions now

  Buckle in: Alexa is asking the questions now Voice assistants are advancing quickly. Should we do anything about it?During this week's Alexa Live developers conference, Amazon announced another new upgrade: give-and-take conversations with the voice assistant. The tools for such conversation are already being implemented by third-party developers and it wouldn't be a surprise to hear Alexa, in the next few months, begin to ask follow-up questions after you give the usual commands.

Many of these concerns are mitigated by the fact that an attacker would need to be near your home or within your speakers' range to affect it, but Check Point's security flaws would've just needed a single click, researchers said.

Amazon had vulnerabilities with its subdomains -- URLs like track.amazon.com, for example. While you might be skeptical enough to avoid clicking on suspicious links, a URL with Amazon's domain in it could be enough to make you believe that you're safe.

The security researchers found that they were able to inject code in the subdomain that would allow them to extract a security token tied to your Alexa account. Using that token, a potential attacker could pose as you to install skills, get a list of the skills you are already using, and view your voice chat history with Alexa.

All of Amazon's Alexa smart speakers

Depending on how sensitive your conversations with Alexa are, it could mean access to your health information, your finances, or just the silly day-to-day stuff you'd ask the voice assistant.

10 new Alexa features to try on your Amazon Echo

  10 new Alexa features to try on your Amazon Echo Amazon added several new tricks and tools to its Echo devices and Alexa app.Last month, the big tech company also announced three new Alexa updates designed to help you to better interact with Alexa. Here are the latest features that you can use on your Amazon Echo now.

"Smart speakers and virtual assistants are so commonplace that it's easy to overlook just how much personal data they hold, and their role in controlling other smart devices in our homes," Oded Vanunu, Check Point's head of products vulnerabilities research, said in a statement. "But hackers see them as entry points into peoples' lives, giving them the opportunity to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware. We conducted this research to highlight how securing these devices is critical to maintaining users' privacy."

Check Point said attackers could have started eavesdropping on conversations by installing a skill, but Amazon scans skills for any malicious activities, and blocks them from its marketplace. The voice history log is a bigger concern, and the vulnerabilities are a reminder that you should be regularly deleting your conversations with Alexa.

Like other voice assistant providers, Amazon keeps records of your voice history with Alexa to improve its own artificial intelligence, and unless you opt out, human reviewers will listen to those conversations, too.

You can have your voice history set to delete automatically past 3 months or 18 months, but if you want it deleted every day or every week, you'll need to do it manually.

With vulnerabilities like this, it's a good practice to start doing because of the potential for hackers to access those sensitive records, and ask yourself: do the pros of having a history of your conversations with Amazon outweigh the cons?

Keep in mind that even though deleting the voice history could keep you safe from potential hackers, it doesn't do much for your privacy from Amazon itself.

In a letter to senators from July 2019, Amazon said that it keeps transcripts of voice recordings indefinitely, even when the audio itself is deleted.

Every new Alexa feature Amazon announced for the fall: Hunches, Alexa Guard Plus and more .
From listening for your newborn's cries to switching off lights without being asked, Alexa is about to become a lot more independent, predictive and proactive in your home.When I spoke to Daniel Rausch, Amazon's vice president of smart home and Alexa mobile, before the hardware event, he said Alexa is becoming more independent too. Alexa will soon be able to act on Hunches without asking, to listen for and react to sounds other than a wake word, and to protect your home more actively with an upgrade to Alexa Guard.

usr: 1
This is interesting!