A new study was published about the safety of using Amazon’s digital assistant, Alexa. It turns out, there are over 100,000 skills that Alexa can do, but there’s a secret behind this fact that may harm your personal data.
Never trust Alexa?
Over the years, millions of households have already used Amazon’s convenient assistant Alexa. When someone needs something– turning on the lights, playing some music, researching about some topic, etc—this online assistant is here for you.
However, a new research suggests that trusting too much on Alexa in doing things for you, could also result to a breach on your personal data.
According to a study performed by researchers at North Carolina State University and Germany’s Ruhr-University Bochum, there are several potential issues with how Amazon manages Alexa skills.
For one, Amazon Alexa has about 100,000 skills, inserted in its system. Out of this number, there are about 9,948 skills with duplicate invocation phrases in the U.S. skills store alone.
Duplicate phrases or skills could lead to Alexa’s confusion in activating the right skill, based on a specific task demanded by owner.
Skills developers can change their names
Since there are hundreds of thousands Alexa skills out there, Amazon may also have hard time in handling them one-by-one.
Surprisingly, skills developers, or the ones who created this system, can easily change their code.
This means, once a threat actor takes hold of one of Amazon Alexa skills, he can easily manipulate the system and even add a malicious code to a skill, upon usage of an owner.
What Amazon has to say
As the issue increases danger to all Amazon Alexa owners, the e-commerce giant immediately released a statement, explaining that their customers’ security is a ‘top priority’ in handling these cases.
They also said that the company is now doing further actions to prevent and blocked threat actors that could harm their customers’ personal data.
“The security of our devices and services is a top priority. We conduct security reviews as part of skill certification and have systems in place to continually monitor live skills for potentially malicious behavior. Any offending skills we identify are blocked during certification or quickly deactivated. We are constantly improving these mechanisms to further protect our customers,” said by Amazon representative.
How to disable Alexa skills
Since there are still no complete investigation and findings about this possible threat, it’s advisable for Alexa owners to disable unknown Alexa skills on their system.
To do this:
- Go to ‘alexa.amazon.com‘
- Head to ‘Skills’
- Click ‘Your Skills’ in top-right corner
- Disable unknown Alexa skills
We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.