Alexa Can Be Made to Hack Itself

Alexa Can Be Made to Hack Itself

A team of academic researchers from London’s Royal Holloway University and Italy’s University of Catania have confirmed that Alexa will follow its own commands, as long as those commands start with the speaker’s wake word. (Echo users currently have the choice whether their device listens for “Alexa” or “Echo.”) In an unfortunate phenomenon dubbed “Alexa vs. Alexa,” or AvA, Echo users and hackers alike can take advantage of Alexa’s full voice vulnerability (FVV) to force the device to make self-issued commands without adjusting for volume as it normally would. Alexa then hears and executes the command as if it had been given by an actual person.

This is an easy vulnerability to exploit. The researchers found that bad actors need only a few seconds within close proximity of an active Echo device to issue a voice command that pairs it with their own device, allowing the bad actor to control Alexa using text-to-speech as long as they’re within radio range of each other. This is possible with both 3rd- and 4th-generation Echo Dot devices.

Thanks to how interconnected smart speakers are with various facets of our personal lives (after all, that’s kind of the point), a hacker who’s gained control of someone’s Echo device is capable of meddling with everything from the victim’s productivity tools and finances to the other devices in their home. Tests found that hackers could “control smart lights with a 93 percent success rate, successfully buy unwanted items on Amazon 100 percent of the time, and tamper [with] a linked calendar with 88 percent success rate.” If a command needed confirmation in order to proceed, all the hacker needed to do was include “yes” in their command about six seconds after their initial statement. Even “skills” could be impersonated, allowing the hacker to obtain the device owner’s personal data and passwords.

The authors of the research paper have reported these gaps and provided possible countermeasures to Amazon’s Vulnerability Research Program, which rated them with a medium severity score and stated it is working toward a solution.

Continue reading

Chromebooks Gain Market Share as Education Goes Online
Chromebooks Gain Market Share as Education Goes Online

Chromebook sales have exploded in the pandemic, with sales up 90 percent and future growth expected. This poses some challenges to companies like Microsoft.

Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption
Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption

The Oculus Quest 2 is now available, and it's an improvement over the original in every way that matters. And yet, it's $100 less expensive than the last release. Having spent some time with the Quest 2, I believe we might look back on it as the headset that finally made VR accessible to mainstream consumers.

AMD Smashes Revenue Records as Zen 3, Xbox Series X, PS5 Ramp Up
AMD Smashes Revenue Records as Zen 3, Xbox Series X, PS5 Ramp Up

AMD's Q3 2020 results are in, and the results are excellent for the company, in every particular.

MSI’s Nvidia RTX 3070 Gaming X Trio Review: 2080 Ti Performance, Pascal Pricing
MSI’s Nvidia RTX 3070 Gaming X Trio Review: 2080 Ti Performance, Pascal Pricing

Nvidia's new RTX 3070 is a fabulous GPU at a good price, and the MSI RTX 3070 Gaming X Trio shows it off well.