Amazon’s voice assistant Alexa has been a welcome addition to many homes with people using the devices daily to listen to the radio, check the weather, play games and chat with one another.
All this data collected by Alexa is extremely valuable, which is why it’s not great news that security researchers Check Point discovered vulnerabilities in certain Amazon and Alexa subdomains that could have allowed a hacker to access this personal data.
According to the researchers, the bug would have allowed a hacker access to do things like remove or install skills, access voice history and personal data, including phone numbers and home address. All they would have needed to do was send a malicious link that the victim had to click on, as well as voice interaction to gain this information.
Amazon has fixed the issue after Check Point disclosed it to the tech giant in June 2020. Yet given the scale of Amazon Alexa devices in use worldwide, with over 200 million sold globally, it demonstrates how attractive these devices are for hackers, according to Check Point’s head of products vulnerabilities research, Oded Vanunu.
“Smart speakers and virtual assistants are so commonplace that it’s easy to overlook how much personal data they hold and their role in controlling other smart devices in our homes. But hackers see them as entry points into peoples’ lives, giving them the opportunity to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware.
“Alexa has concerned us for a while now, given its ubiquity and connection to [Internet of Things] devices. It’s these mega-digital platforms that present the biggest security risk and can hurt us the most. Therefore their security levels are of crucial importance.”
An Amazon spokesperson told the Standard: "The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us. We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed."
It’s important to make sure you’re checking on the data held by your voice assistant and cleaning it up every now and again, so in the eventuality that someone access it, they can’t find too much.
It’s now possible to delete most of your voice data from Amazon’s files as well. When you delete a voice recording, Amazon deletes the transcripts associated with it, including the request and the Alexa response.
Go to the Amazon Echo App and open Settings, to find the Alexa Privacy section. Click on that and Review Voice History. This will display all the requests you’ve made since you set your Alexa device and the option to either delete all recordings or just the ones from that day.
Alternatively, you can ask Alexa to delete it for you by saying, “Alexa, delete what I just said,” or “Alexa, delete everything I said today.”