Amazon Alexa skills pose potential security threat according to study

One of the ways that Amazon sets its Alexa digital assistant apart from the competition is through a massive library of third-party ‘skills.’

Skills enable all kinds of extra functionality on Alexa, from checking the weather to playing music. A recent count puts the number of skills at over 100,000, although The Verge notes that most of those skills are gimmicks and jokes that don’t really add much value. Worse than that, new research suggests these skills could also be a privacy threat.

According to a study performed by researchers at North Carolina State University and Germany’s Ruhr-University Bochum, there are several potential issues with how Amazon manages Alexa skills.

For one, Alexa can automatically enable skills if users ask specific questions called ‘invocation phrases.’ Researchers found 9,948 skills with duplicate invocation phrases in the U.S. skills store alone. Duplicate phrases could lead to Alexa activating the wrong skill since it’s unknown how Alexa decides which skill to enable.

Worse, researchers found that developers could publish skills under the names of well-known tech firms, like Samsung or Microsoft. Someone with malicious intent could potentially publish a fake skill masquerading as one from a reputable developer to trick people into enabling it on their Echo devices.

Read at complete article at source

Back to news overview