Arab Press

بالشعب و للشعب
Wednesday, Jul 15, 2026

Amazon Alexa security bug allowed access to voice history

Amazon Alexa security bug allowed access to voice history

A flaw in Amazon's Alexa smart home devices could have allowed hackers access personal information and conversation history, cyber-security researchers say.

Attackers could install or remove apps on a device without the owner knowing, Check Point Research reports.

The hack "required just one click on an Amazon link" purposely crafted by the attacker, it says.

The firm told Amazon about the flaw, which has now been fixed.

Amazon said: "The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us."

It said it did not know of any case where a bad actor had used the vulnerability to target its customers.

In January, Amazon said there were "hundreds of millions" of Alexa devices in the world.

Malicious skills


Check Point said the hack required the creation of a malicious Amazon link, which would be sent to an unsuspecting user.

Once they clicked the link, the attacker could get a list of all installed Alexa "skills" - or apps - and steal a token allowing them add or remove skills.

One way to use the flaw would be to remove a skill and then install a malicious one that uses the same "invocation phrase" - the series of spoken words used to trigger it. This could have been done without the user knowing.

The next time the user tried to activate that skill, it would have run the attacker's app instead.

The attackers would have been able to see Alexa's voice history - a record of conversations between the user and device.

Check Point said this could create major problems, pointing to banking skills that let the user check their account balance.

"This could lead to exposure of personal information, such as banking data history," they argued - even though it does not save banking login details.

Amazon objected to this suggestion, however, saying that banking information - like balances - was redacted in the record of Alexa's responses, so it could not have been accessed.

The attack would also allow access to personal information in the Amazon profile, such as a home address, Check Point said.

Amazon also said it believed the use of a secret malicious skill was less likely than Check Point's researchers implied.



Amazon’s head of Alexa Dave Limp on privacy concerns



It said there were systems in place to prevent malicious skills from ever hitting the Alexa Skills Store - and that security reviews were part of their process.

Badly behaving apps were also routinely deactivated, it said.

"Their screening process probably would have caught most bad actors - they are quite good at that and know their reputation is at stake," said University of Surrey cyber-security expert Prof Alan Woodward.

"The thing about this hack was that it was due to a vulnerability that is well-known… so it's surprising to see it in Amazon's estate."

He said the access to voice records was a big concern, but was unsure if other hackers could have known about the vulnerabilities in specific subdomains used to launch the attack.

"Although if the security researchers found it, I'm sure less scrupulous people could have done the same."

Newsletter

Related Articles

Arab Press
0:00
0:00
Close
Spain in Ecstasy: "We Feel Unbeatable, We Taught the Whole World a Lesson"
Harvard Astrophysicist to Lead U.S. Scientific Advisory on Unidentified Aerial Phenomena
Emergency Sirens Activated Across Bahrain as Interior Ministry Issues Shelter Directives
World Cup Visitors Turn American Big-Box Stores Into Souvenir Stops
Netflix Weighs Always-On Channels, Bundles and Short-Form Video
The AI Invoice Shock: Layoffs Didn't Save Managers Money — They Cost Them More
Concern: Sexually Transmitted Bacterium Among Men Develops Antibiotic Resistance
Passenger Partially Pulled Out of Ryanair Jet After Cabin Window Fails Mid-Flight
Severe Heatwave Drives Dangerous Ground-Level Ozone Pollution Across Two Thirds of European Union
The Physical and Electronic Barriers Disrupting Domestic Wireless Networks
France and Morocco Open World Cup Quarter-Finals as Collina Defends Refereeing
Tech Pulse: The Future of AI and Screen Culture
Global News Briefing: Escalating Geopolitical Tensions and Corporate Shakeups
Global News Brief: Escalating Conflicts, Public Health Crises, and World Cup Drama
Europe's Growing Struggle with Extreme Heat and Air Conditioning
Anthropic Reengineers Agentic Architecture to Shift Autonomous Workplace Automation to the Cloud
Logic Flaw in Windows 11 Permission Architecture Silently Consumes Hundreds of Gigabytes of Local Storage
Apple Advances Late-Stage Operating Systems with Fourth Beta Deployments
Global Crisis Alert: Escalating Middle East Tensions and UK Political Upheaval
Japanese Technology Firm Fujitsu Launches Advanced Artificial Intelligence Tool for Corporate Disclosures
South Africa Officially Launches Nationwide Campaign for Highly Contested Local Government Elections
United Kingdom Commits Additional Funding for Unexploded Ordnance Clearance in Laos
Singapore Announces Stringent New Greenhouse Gas Regulations for Commercial Cooling Systems
Cambodia and Thailand Hold High-Level Border Security Talks at United Nations Headquarters
Myanmar Military Government and China Sign Major Agreement to Upgrade Media and Cultural Cooperation
Knife Attack at Swiss Train Station Leaves Three Injured in Suspected Act of Domestic Terrorism
Transnational Extortion Gang Threatens Canadian Police With Army of One Thousand Armed Operatives
Australia Imposes Forty-Two-Day Quarantine on Cruise Ship Passengers Following Deadly Hantavirus Outbreak
International Monetary Fund Unlocks Seven Hundred Million United States Dollars for Sri Lanka Following Economic Reforms
Australia Launches Record One Point Four Billion Dollar Lawsuit Against Chemical Giant 3M Over Contamination
China and Canada Foreign Ministers Meet in Ottawa in Effort to Stabilize Strained Diplomatic Ties
Indonesia Demands Urgent United Nations Security Council Reform Amid Escalating Global Conflicts
Extreme Weather Patterns Trigger Severe Drought in Madagascar and Destructive Flooding in East Africa
Indian State of Karnataka Faces Political Upheaval as Chief Minister Siddaramaiah Abruptly Resigns
Philippines and Japan Reaffirm Defense Ties as Crucial for Indo-Pacific Regional Stability
Norway Joins French Nuclear Deterrence Initiative in Major Shift for European Security Architecture
Global Critical Mineral Alliances Expand as Western Nations Move to Counter Chinese Supply Dominance
United States Imposes Fifty Percent Tariffs on Mexican Steel and Aluminum Ahead of Trade Pact Review
European Union and China Head Toward Major Trade Conflict Over Clean Technology Exports
United States Economic Growth Severely Downgraded to One Point Six Percent as Stagflation Fears Mount
World Health Organization Warns Central African Ebola Epidemic is Outpacing Containment Efforts
United States Treasury Department Conditions Sanctions Relief on Reopening of the Strait of Hormuz
Iranian Air Defenses Intercept and Destroy United States Military Drone Over Bushehr Province
Iranian Armed Forces Launch Ballistic Missiles Toward Unspecified Targets Prompting Regional Condemnation
United Nations Secretary-General Warns Global Order Facing Highest Level of Conflict Since 1945
Israel Issues Sweeping Evacuation Orders in Southern Lebanon Amid Intensified Hezbollah Conflict
Russia Announces Systemic Military Strikes Targeting Ukrainian Defense and Energy Infrastructure
United States and Iranian Negotiators Reach Draft Agreement to Extend Ceasefire and Resume Nuclear Talks
United Nations Security Council Deeply Divided Over United States Capture of Venezuelan President
US and Iran Exchange Direct Military Strikes Amid Fragile Gulf Ceasefire
×