Alexa Can Be Made to Hack Itself

Alexa Can Be Made to Hack Itself

A team of academic researchers from London’s Royal Holloway University and Italy’s University of Catania have confirmed that Alexa will follow its own commands, as long as those commands start with the speaker’s wake word. (Echo users currently have the choice whether their device listens for “Alexa” or “Echo.”) In an unfortunate phenomenon dubbed “Alexa vs. Alexa,” or AvA, Echo users and hackers alike can take advantage of Alexa’s full voice vulnerability (FVV) to force the device to make self-issued commands without adjusting for volume as it normally would. Alexa then hears and executes the command as if it had been given by an actual person.

This is an easy vulnerability to exploit. The researchers found that bad actors need only a few seconds within close proximity of an active Echo device to issue a voice command that pairs it with their own device, allowing the bad actor to control Alexa using text-to-speech as long as they’re within radio range of each other. This is possible with both 3rd- and 4th-generation Echo Dot devices.

Thanks to how interconnected smart speakers are with various facets of our personal lives (after all, that’s kind of the point), a hacker who’s gained control of someone’s Echo device is capable of meddling with everything from the victim’s productivity tools and finances to the other devices in their home. Tests found that hackers could “control smart lights with a 93 percent success rate, successfully buy unwanted items on Amazon 100 percent of the time, and tamper [with] a linked calendar with 88 percent success rate.” If a command needed confirmation in order to proceed, all the hacker needed to do was include “yes” in their command about six seconds after their initial statement. Even “skills” could be impersonated, allowing the hacker to obtain the device owner’s personal data and passwords.

The authors of the research paper have reported these gaps and provided possible countermeasures to Amazon’s Vulnerability Research Program, which rated them with a medium severity score and stated it is working toward a solution.

Continue reading

Rare Copy of Super Mario Bros. 3 Sets Record With $156,000 Auction Sale
Rare Copy of Super Mario Bros. 3 Sets Record With $156,000 Auction Sale

That makes it the most expensive video game ever sold at auction, surpassing a copy of the original Super Mario Bros that sold for $114,000 a few months ago.

Razer’s Tomahawk Ultra-Compact Desktop PC Goes on Sale This Month
Razer’s Tomahawk Ultra-Compact Desktop PC Goes on Sale This Month

The ultra-compact PC will be available for pre-order this very month with specs including a Core i7 CPU and up to an Nvidia RTX 3080 graphics card. Razer's new PC won't come cheap, though.

PC Sales Up 26 Percent in Q4, 13 Percent Year-on-Year
PC Sales Up 26 Percent in Q4, 13 Percent Year-on-Year

PC sales have skyrocketed in 2020, and the trend should continue into 2021.

Intel Rehires Nehalem’s Chief Architect to Build a New High-Performance CPU
Intel Rehires Nehalem’s Chief Architect to Build a New High-Performance CPU

Intel has re-hired Senior Fellow Glenn Hinton to build a new high-performance CPU architecture. Gelsinger's appointment is already having an effect.