Everything You Need to Know about Alexa's New Security Flaw | Safety.com

Everything You Need to Know about Alexa’s New Security Flaw

Have you ever been hesitant about purchasing a smart device like Amazon’s Alexa for privacy reasons? Many of those concerns are met with real privacy failures but are often not considered bad enough for them to be unsafe for most consumers. However, recent news have reported many Alexa users are facing privacy issues due to a major security flaw. If you’re an Alexa owner and unsure of what to do with this information and how it may be affecting you, we will clue you into the finer details. 

What Exactly is the Security Flaw 

It was revealed to the public that a security firm company called Check Point discovered that a hacker had easy access to an Alexa user’s entire voice history. This means that every single voice interaction the person had with an Alexa device could be accessible through that security flaw. They also found that private information like home addresses and other profile data was at risk through this security defect. Check Point also revealed that hackers could also delete certain installed “skills” on the device and install one that would collect even more data after the initial breach. 

There is also another theory that hackers could access a customer’s banking history through this breach, but Amazon claims that this is untrue. 

In order for a hacker to gain access to this information, Alexa would have to interact with a link that invites this attack into the system. This can be done by creating a seemingly harmless link to lure the system into opening up access unknowingly. Alexa would mistake the hacking source as a safe interaction and give the hacker access to private consumer information related to their voice history and account details. 

How is Amazon Fixing the Issue?

It has been assured to the public by both the independent firm, Check Point, and Amazon themselves that the skills in the Amazon store are always screened for unusual behavior that may put their consumers at risk. 

“The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point, who bring potential issues to us,” Amazon claims in a statement in regards to the security weaknesses that were brought to light by Check Point. “We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed.”

What Do Current Alexa Owners Need to Do?

Despite Amazon’s assurances, this information may put current Alexa users on edge, and rightfully so. Everyone wants to make sure that their private information stays secure. Users cannot control whether their Alexa devices become compromised through a failure in the Amazon system. Still, steps can be taken to ensure the data they exchange with their Alexa is as safe as possible.  

After Alexa users discovered in the past that their Alexa audio interactions were being used in ways that they were uncomfortable with, Amazon made it possible to delete their audio history quickly. This is essential information for consumers to have and even more critical for consumers to engage with this feature as often as possible. Otherwise, Amazon stores those recordings as long as you allow. 

In order for consumers to be able to delete their audio recordings, they can do so either through the app, the Amazon website, or verbally. We recommend using the website because it allows users to mass delete their entire history in the Alexa Privacy Settings>Review Voice History. 

Moving forward, it is easy to do so by utilizing the verbal feature. All that is required is to say something along the lines of, “Alexa, delete everything I said today.” To delete their audio recordings on the app, simply go to Settings > History. Should users decide to go this route, they will find themselves having to individually delete each request in their history. We don’t know about you, but we certainly do not have time for that. 

Many users may believe they have to replace their current Alexa unit and this is not necessary. To protect your information as much as possible, simply follow the precautionary steps mentioned above. 

Our Breakdown

While this significant security flaw is indeed unfortunate, it was quickly addressed by Amazon. Thankfully, Check Point revealed the flaw before Amazon had a mass security breach on their hands. Overall, Amazon has assured the public that the issues have been fixed, and users should not fear for their data becoming vulnerable. However, for Alexa lovers who find themselves still worried  are encouraged to utilize the audio recording history that is kept in their settings. 

Kristen Bolden