According to this week’s “Alexa news that will make you shake your head”, researchers have revealed that it may instruct Amazon’s famed Echo smart speaker to hack itself.
Academics have established at London’s Royal Holloway and the Catania’s University of Italy that Alexa will obey orders that begin with a speaker’s wake word. Unfortunately, “Alexa” and “Echo” are now the only two words that Echo owners may activate their device to respond to.
Known as “Alexa versus. Alexa,” or AvA, this will happen when anyone using the Echo may cause the device to execute self-issued orders by taking advantage of Alexa’s complete voice vulnerability (FVV). The order is then heard and executed by Alexa just like when humans say the command.
This can be exploited massively. According to a study by Carnegie Mellon researchers, if they are within radio range of each other, people may manage Alexa via text-to-speech. Also, third- and fourth-generation Echo Dots are supported.
When a hacker takes over an Echo device, they may access anything. An analysis of hacker abilities revealed that they could “manipulate smart lighting with a 93% success rate”. “Purchase undesired things on Amazon with an astounding 98% success rate,” and more.
The only thing the hacker needs to do was to put “yes” in their command. If they can fake even “skills, hackers may steal the device owner’s personal information, including their passwords for instance.”