Amazon Alexa hijacked but it is now patched – updated

This was originally posted on 4 March 2022

I put this more academic article up, as a Saturday read, for some background into home automation and smart devices:

Home automation and Smart Devices – some questions to be answered – Smart Thinking Solutions

Now today there is an article on The Register, explain how an infosec research group at The Royal Holloway University of London, discovered how to exploit a vulnerability in Amazon Alexa devices using voice commands from the device.

Amazon Alexa compromise possible through own speakers • The Register

The vulnerability has now been patched – all you need to do is make sure you have applied the updates!

Here is the original research paper:

[2202.08619] Alexa versus Alexa: Controlling Smart Speakers by Self-Issuing Voice Commands (arxiv.org)

Further Reading

Attackers can force Amazon Echos to hack themselves with self-issued commands | Ars Technica

Hacking Alexa through Alexa’s Speech – Schneier on Security