Hacking the Amazon Alexa virtual assistant to spy on unaware users
The Alexa virtual assistant could be abused by attackers to spy on consumers with smart devices. Researchers at security firm Checkmarx created a proof-of-concept Amazon Echo Skill for Alexa that instructs the device to record surrounding voices indefinitely, secretly eavesdropping on users' conversations, and then sends the transcripts to a website controlled by the attackers. Amazon allows developers to build custom Skills that can control voice-activated smart devices such as Amazon Echo Show, Echo Dot, and Amazon Tap. The rogue Echo Skill for Alexa is disguised as a simple math calculator; once installed, it is activated in the background after a user says "Alexa, open calculator." "The Echo is continuously listening for the user's voice. So when the user says 'Alexa, open calculator', the calculator skill is initialized and the API\Lambda-function that's associated with the skill receives a launch request as an input."
Apr-27-2018, 09:21:11 GMT