Beautiful Virgin Islands

Monday, Jun 23, 2025

Amazon Alexa security bug allowed access to voice history

Amazon Alexa security bug allowed access to voice history

A flaw in Amazon's Alexa smart home devices could have allowed hackers access personal information and conversation history, cyber-security researchers say.

Attackers could install or remove apps on a device without the owner knowing, Check Point Research reports.

The hack "required just one click on an Amazon link" purposely crafted by the attacker, it says.

The firm told Amazon about the flaw, which has now been fixed.

Amazon said: "The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us."

It said it did not know of any case where a bad actor had used the vulnerability to target its customers.

In January, Amazon said there were "hundreds of millions" of Alexa devices in the world.

Malicious skills


Check Point said the hack required the creation of a malicious Amazon link, which would be sent to an unsuspecting user.

Once they clicked the link, the attacker could get a list of all installed Alexa "skills" - or apps - and steal a token allowing them add or remove skills.

One way to use the flaw would be to remove a skill and then install a malicious one that uses the same "invocation phrase" - the series of spoken words used to trigger it. This could have been done without the user knowing.

The next time the user tried to activate that skill, it would have run the attacker's app instead.

The attackers would have been able to see Alexa's voice history - a record of conversations between the user and device.

Check Point said this could create major problems, pointing to banking skills that let the user check their account balance.

"This could lead to exposure of personal information, such as banking data history," they argued - even though it does not save banking login details.

Amazon objected to this suggestion, however, saying that banking information - like balances - was redacted in the record of Alexa's responses, so it could not have been accessed.

The attack would also allow access to personal information in the Amazon profile, such as a home address, Check Point said.

Amazon also said it believed the use of a secret malicious skill was less likely than Check Point's researchers implied.



Amazon’s head of Alexa Dave Limp on privacy concerns



It said there were systems in place to prevent malicious skills from ever hitting the Alexa Skills Store - and that security reviews were part of their process.

Badly behaving apps were also routinely deactivated, it said.

"Their screening process probably would have caught most bad actors - they are quite good at that and know their reputation is at stake," said University of Surrey cyber-security expert Prof Alan Woodward.

"The thing about this hack was that it was due to a vulnerability that is well-known… so it's surprising to see it in Amazon's estate."

He said the access to voice records was a big concern, but was unsure if other hackers could have known about the vulnerabilities in specific subdomains used to launch the attack.

"Although if the security researchers found it, I'm sure less scrupulous people could have done the same."

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Starmer Invites Innovators to Join Government Talent Scheme
UK Economy’s Strong Opening Quarter Shows Signs of Cooling
Harrods Seeks Court Order to Secure Al Fayed Estate for Victims
BA and Singapore Airlines Cancel Dubai Flights Amid Middle East Tensions
Trump Faces Backlash from MAGA Base Over Iran Strikes
Meta Bets $14 B on Alexandr Wang to Drive AI Ambitions
WATCH: Israeli forces show the aftermath of a massive airstrike at Iran's Isfahan nuclear site
FedEx Founder Fred Smith, ‘Heart and Soul’ of the Company, Dies at 80
Chinese Factories Shift Away from U.S. Amid Trump‑Era Tariffs
Pimco Seizes Opportunity in Japan’s Dislocated Bond Market
Labubu Doll Drives Pop Mart to Status as China’s Most Valuable Toy Maker
Global Coal Demand Defies Paris Accord Goals
We have new information and breaking details to share about what is shaping up to be a historic air campaign tonight
Six Massive Bombs Dropped on Fordow; Trump: 'A Historic Moment for the U.S., Israel, and the World'
Fordow: Deeply Buried Iranian Enrichment Site in U.S.–Israel Crosshairs
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Pakistan to nominate Trump for Nobel Peace Prize.
BBC Demands Perplexity AI Immediately Stop Using Its Content
Telegram Founder: I Will Leave My Fortune to Over 100 of My Children
Political Turmoil Resurfaces in Belgium Amid Economic Concerns
Fed policymakers divided on timing of interest rate cuts
Trump signals imminent agreement with Harvard University
Inheritance tax referendum alarms Swiss billionaire community
Japan cancels bilateral security meeting amid US defence demands
AI skeptic Emily Bender warns that ‘the emperor has no clothes’
Israel Confirms Assassination of Quds Force Commander in Tehran
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
FBI and Senate Investigate Allegations of Chinese Plot to Influence the 2020 Election in Biden’s Favor Using Fake U.S. Driver’s Licenses
Vietnam Emerges as Luxury Yacht Destination for Ultra‑Rich
Plans to Sell Dutch Embassy in Bangkok Face Local Opposition
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump's $5 Million 'Trump Card' Visa Program Draws Nearly 70,000 Applicants
DGCA Finds No Major Safety Concerns in Air India's Boeing 787 Fleet
Airlines Reroute Flights Amid Expanding Middle East Conflict Zones
Elon Musk's xAI Seeks $9.3 Billion in Funding Amid AI Expansion
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Taiwan Imposes Export Ban on Chips to Huawei and SMIC
Israel has just announced plans to strike Tehran again, and in response, Trump has urged people to evacuate
Netanyahu Signals Potential Regime Change in Iran
Juncker Criticizes EU Inaction on Trump Tariffs
EU Proposes Ban on New Russian Gas Contracts
Analysts Warn Iran May Resort to Unconventional Warfare
Iranian Regime Faces Existential Threat Amid Conflict
Energy Infrastructure Becomes War Zone in Middle East
UK Home Secretary Apologizes Over Child Grooming Failures
×