A study by the University of Catania and the Royal Holloway University of London highlights a particular vulnerability for devices that use Alexa. In fact it seems that i Echo devices can hack themselves, using the same voice as Alexa to execute commands of any kind. In fact, it would be enough connect a Bluetooth speaker external and use text-to-speech to control smart devices and more. But the actual risks should be limited.
Alexa can “hack itself”
According to reports from the same video made by the researchers, hackers could give commands to operate smart devices in the house. Alexa in this case asks for a voice confirmation, but it seems enough to let a couple of seconds pass and type “Yes” in the text-to-speech.
Hackers could then call any number phone, even one controlled by the hacker. It can make unauthorized purchases, change calendars and settings, and evenor install unsolicited skills. Maybe even software to intercept conversations and much more.
You can see the researchers testing these features in the video below.
However, the risks are all in all limited for technical reasons. In fact, the Bluetooth device that communicates with Alexa must be in the same room as the Alexa speaker. Furthermore, the fact that it is necessary to use voice commands makes it more difficult to hide the attack: if you are at home when the hacker types the commands, you will surely realize that Alexa is talking to someone else. And with a little research, you should find it external speaker connected to the system.
However, the researchers reported the possible danger of AvA (Alexa vs Alexa) to Amazon. The company has rated the vulnerability risk as ‘medium’ and has already corrected some issues, such as the one that allows the MITM (Man-in-the-middle) attack.
So there is no need to be alarmed. But if you hear Alexa responding to herself instead of you, ask yourself a few questions.