Hey, Alexa, please infect my network!

Security researchers in Germany and the US find that the safeguards to stop malware being injected into the Alexa ecosystem are woeful.

“We show that not only can a malicious user publish a Skill under any arbitrary developer/company name, but she can also make backend code changes after approval to coax users into revealing unwanted information,” the academics explain in their paper, titled “Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem.”

1 Like