Amazon’s Echo is under fire after security firm have discovered a bug inside its speakers which allows the device to listen to you even after it has been shutdown.
Wired reports that the bug can be exploited because Echo’s personal assistant, called Alexa, will ask you to repeat yourself when it doesn’t understand what you have said.
Echo users usually talk into the speaker to give it commands, like “Alexa, what is the weather going to be like today?”
Security firm Checkmarx says the “re-prompt” feature could be programmed to keep on listening, while muting Alexa’s responses and transcribe what it hears for a hacker.
“For the Echo listening is key. However, with this device’s rise in popularity, one of today’s biggest fears in connection to such devices is privacy,” Checkmarx said. “Especially when it comes to a user’s fear of being unknowingly recorded.”
Checkmarx said the bug didn’t require any attacks on the Echo itself, just a code to exploit its current features.
Amazon said it had put processes in place to stop this sort of coding.
We have put mitigations in place for detecting this type of skill behaviour and reject or suppress those skills when we do,” the company said.