Checkmarx Finds Flaw That Enables Hackers to Record Amazon Alexa Users
Today’s topics include researchers finding that Amazon Alexa can be hacked to record users and Google has redesigned Gmail with new security and productivity features.
On April 25, security firm Checkmarx publicly disclosed that it has found that a malicious developer can trick Amazon's Alexa voice assistant technology to record everything a user says.
It’s not yet clear if any hackers have ever exploited the flaw, which is not in the Amazon Echo hardware, but rather is an abuse of functionality in the Alexa Skills feature set.
Developers can extend Alexa's technology by building skills that provide new functionality for end users.
Checkmarx found several unbounded parameters available to Alexa skills developers that could have enabled a malicious developer to record and even transcribe what a user says, even after the user had finished communicating with the device.
A mitigating feature already in place in place is a blue LED light ring at the top of the device that shows whenever Alexa is listening.
Google has introduced comprehensive new security and productivity features in Gmail. The biggest update is a confidential mode for protecting sensitive content, allowing users to create expiration dates for emails, revoke previously sent email, and require additional authentication via text messages.
Gmail now also contains integrated Information Rights Management controls to prevent sent emails from being forwarded, copied, downloaded or printed. Additional updates include Nudging, which proactively reminds users about responding to potentially important messages. Smart Reply suggests three brief responses to messages based on the email’s content while High-Priority notifications only informs users of important messages to minimize interruptions.
Users will also be able to quickly reference and create Calendar invitations and manage to-do items in a new Tasks side panel.