Alexa Can Be Made to Hack Itself

Alexa Can Be Made to Hack Itself

A team of academic researchers from London’s Royal Holloway University and Italy’s University of Catania have confirmed that Alexa will follow its own commands, as long as those commands start with the speaker’s wake word. (Echo users currently have the choice whether their device listens for “Alexa” or “Echo.”) In an unfortunate phenomenon dubbed “Alexa vs. Alexa,” or AvA, Echo users and hackers alike can take advantage of Alexa’s full voice vulnerability (FVV) to force the device to make self-issued commands without adjusting for volume as it normally would. Alexa then hears and executes the command as if it had been given by an actual person.

This is an easy vulnerability to exploit. The researchers found that bad actors need only a few seconds within close proximity of an active Echo device to issue a voice command that pairs it with their own device, allowing the bad actor to control Alexa using text-to-speech as long as they’re within radio range of each other. This is possible with both 3rd- and 4th-generation Echo Dot devices.

Thanks to how interconnected smart speakers are with various facets of our personal lives (after all, that’s kind of the point), a hacker who’s gained control of someone’s Echo device is capable of meddling with everything from the victim’s productivity tools and finances to the other devices in their home. Tests found that hackers could “control smart lights with a 93 percent success rate, successfully buy unwanted items on Amazon 100 percent of the time, and tamper [with] a linked calendar with 88 percent success rate.” If a command needed confirmation in order to proceed, all the hacker needed to do was include “yes” in their command about six seconds after their initial statement. Even “skills” could be impersonated, allowing the hacker to obtain the device owner’s personal data and passwords.

The authors of the research paper have reported these gaps and provided possible countermeasures to Amazon’s Vulnerability Research Program, which rated them with a medium severity score and stated it is working toward a solution.

Continue reading

Chromebooks Gain Market Share as Education Goes Online
Chromebooks Gain Market Share as Education Goes Online

Chromebook sales have exploded in the pandemic, with sales up 90 percent and future growth expected. This poses some challenges to companies like Microsoft.

SpaceX Launches ‘Better Than Nothing’ Starlink Beta
SpaceX Launches ‘Better Than Nothing’ Starlink Beta

Those lucky few who have gotten invitations to try the service will have to pay a hefty up-front cost, and the speeds aren't amazing. Still, it's a new generation of satellite internet.

Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR
Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR

Ask anyone who has spent more than a few minutes inside a VR headset, and they'll mention the screen door effect. This could eliminate it for good.

NASA Created a Collection of Spooky Space Sounds for Halloween
NASA Created a Collection of Spooky Space Sounds for Halloween

NASA's latest data release turns signals from beyond Earth into spooky sounds that are sure to send a chill up your spine.