Saudi Press

Saudi Arabia and the world
Thursday, Oct 02, 2025

Amazon Alexa security bug allowed access to voice history

Amazon Alexa security bug allowed access to voice history

A flaw in Amazon's Alexa smart home devices could have allowed hackers access personal information and conversation history, cyber-security researchers say.

Attackers could install or remove apps on a device without the owner knowing, Check Point Research reports.

The hack "required just one click on an Amazon link" purposely crafted by the attacker, it says.

The firm told Amazon about the flaw, which has now been fixed.

Amazon said: "The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us."

It said it did not know of any case where a bad actor had used the vulnerability to target its customers.

In January, Amazon said there were "hundreds of millions" of Alexa devices in the world.

Malicious skills


Check Point said the hack required the creation of a malicious Amazon link, which would be sent to an unsuspecting user.

Once they clicked the link, the attacker could get a list of all installed Alexa "skills" - or apps - and steal a token allowing them add or remove skills.

One way to use the flaw would be to remove a skill and then install a malicious one that uses the same "invocation phrase" - the series of spoken words used to trigger it. This could have been done without the user knowing.

The next time the user tried to activate that skill, it would have run the attacker's app instead.

The attackers would have been able to see Alexa's voice history - a record of conversations between the user and device.

Check Point said this could create major problems, pointing to banking skills that let the user check their account balance.

"This could lead to exposure of personal information, such as banking data history," they argued - even though it does not save banking login details.

Amazon objected to this suggestion, however, saying that banking information - like balances - was redacted in the record of Alexa's responses, so it could not have been accessed.

The attack would also allow access to personal information in the Amazon profile, such as a home address, Check Point said.

Amazon also said it believed the use of a secret malicious skill was less likely than Check Point's researchers implied.



Amazon’s head of Alexa Dave Limp on privacy concerns



It said there were systems in place to prevent malicious skills from ever hitting the Alexa Skills Store - and that security reviews were part of their process.

Badly behaving apps were also routinely deactivated, it said.

"Their screening process probably would have caught most bad actors - they are quite good at that and know their reputation is at stake," said University of Surrey cyber-security expert Prof Alan Woodward.

"The thing about this hack was that it was due to a vulnerability that is well-known… so it's surprising to see it in Amazon's estate."

He said the access to voice records was a big concern, but was unsure if other hackers could have known about the vulnerabilities in specific subdomains used to launch the attack.

"Although if the security researchers found it, I'm sure less scrupulous people could have done the same."

Newsletter

Related Articles

Saudi Press
0:00
0:00
Close
Altman Says GPT-5 Already Outpaces Him, Warns AI Could Automate 40% of Work
Trump Organization Teams with Saudi Developer on $1 Billion Trump Plaza in Jeddah
Electronic Arts to Be Taken Private in Historic $55 Billion Buyout
Colombian President Petro Vows to Mobilize Volunteers for Gaza and Joins List of Fighters
Nvidia and Abu Dhabi’s TII Launch First AI-&-Robotics Lab in the Middle East
UK, Canada, and Australia Officially Recognise Palestine in Historic Shift
New Eye Drops Show Promise in Replacing Reading Glasses for Presbyopia
Dubai Property Boom Shows Strain as Flippers Get Buyer’s Remorse
Top AI Researchers Are Heading Back to China as U.S. Struggles to Keep Pace
JWST Data Brings TRAPPIST-1e Closer to Earth-Like Habitability
UAE-US Stargate Project Poised to Make Abu Dhabi a Global AI Powerhouse
Trump and Starmer Clash Over UK Recognition of Palestinian State Amid State Visit
Saudi Arabia cracks down on music ‘lounges’ after conservative backlash
Saudi Arabia Signs ‘Strategic Mutual Defence’ Pact with Pakistan, Marking First Arab State to Gain Indirect Access to Nuclear Strike Capabilities in the Region
Sam Altman sells the 'Wedding Estate' in Hawaii for 49 million dollars
Turkish car manufacturer Togg Enters German Market with 5-Star Electric Sedan and SUV to Challenge European EV Brands
World’s Longest Direct Flight China Eastern to Launch 29-Hour Shanghai–Buenos Aires Direct Flight via Auckland in December
New OpenAI Study Finds Majority of ChatGPT Use Is Personal, Not Professional
Kuwait opens bidding for construction of three cities to ease housing crunch.
This Week in AI: Meta’s Superintelligence Push, xAI’s Ten Billion-Dollar Raise, Genesis AI’s Robotics Ambitions, Microsoft Restructuring, Amazon’s Million-Robot Milestone, and Google’s AlphaGenome Update
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
Could AI Nursing Robots Help Healthcare Staffing Shortages?
Turkish authorities seize leading broadcaster amid fraud and tax investigation
Qatari prime minister says Netanyahu ‘killed any hope’ for Israeli hostages
Apple Introduces Ultra-Thin iPhone Air, Enhanced 17 Series and New Health-Focused Wearables
Big Oil Slashes Jobs and Investments Amid Prolonged Low Crude Prices
Social Media Access Curtailed in Turkey After CHP Calls for Rallies Following Police Blockade of Istanbul Headquarters
Did the Houthis disrupt the internet in the Middle East? Submarine cables cut in the Red Sea
Gold Could Reach Nearly $5,000 if Fed Independence Is Undermined, Goldman Sachs Warns
Uruguay, Colombia and Paraguay Secure Places at 2026 World Cup
Trump Administration Advances Plans to Rebrand Pentagon as Department of War Instead of the Fake Term Department of Defense
Tether Expands into Gold Sector with Profit-Driven Diversification
Trump’s New War – and the ‘Drug Tyrant’ Fearing Invasion: ‘1,200 Missiles Aimed at Us’
At the Parade in China: Laser Weapons, 'Eagle Strike,' and a Missile Capable of 'Striking Anywhere in the World'
Information Warfare in the Age of AI: How Language Models Become Targets and Tools
Israeli Airstrike in Yemen Kills Houthi Prime Minister
After the Shock of Defeat, Iranians Yearn for Change
YouTube Altered Content by Artificial Intelligence – Without Permission
Iran Faces Escalating Water Crisis as Protests Spread
More Than Half a Million Evacuated as Typhoon Kajiki Heads for Vietnam
HSBC Switzerland Ends Relationships with Over 1,000 Clients from Saudi Arabia, Lebanon, Qatar, and Egypt
Sharia Law Made Legally Binding in Austria Despite Warnings Over 'Incompatible' Values
Dogfights in the Skies: Airbus on Track to Overtake Boeing and Claim Aviation Supremacy
Tim Cook Promises an AI Revolution at Apple: "One of the Most Significant Technologies of Our Generation"
Are AI Data Centres the Infrastructure of the Future or the Next Crisis?
Miles Worth Billions: How Airlines Generate Huge Profits
Zelenskyy Returns to White House Flanked by European Allies as Trump Pressures Land-Swap Deal with Putin
Beijing is moving into gold and other assets, diversifying away from the dollar
Cristiano Ronaldo Makes Surprise Stop at New Hong Kong Museum
Zelenskyy to Visit Washington after Trump–Putin Summit Yields No Agreement
×