Amazon Admits Alexa Voice Recordings Saved Indefinitely

Amazon has acknowledged that it retains the voice recordings and transcripts of customers’ interactions with its Alexa voice assistant indefinitely. The admission raises questions about how long companies should be able to save highly-personal data collected from voice assistant devices. After U....

Design/Logic Flaw

DISPUTED Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the us...

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

PT-2018-10673 · Amazon · Alexa +1

Name of the Vulnerable Software and Affected Versions: Amazon Echo devices affected versions not specified Description: The reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill, allowing an attacker to obtain transcripts of speech not intended for Alexa to process. Thi...

Amazon Alexa Has Got Some Serious Skills—Spying On Users!

"Alexa, are you spying on me?" — aaaa.....mmmm.....hmmm.....maybe!!! Security researchers have developed a new malicious 'skill' for Amazon's popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device. Amazon Echo is an always-listening voice-activated smart ho...

YamaTough Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code

YamaTough Hacker Demanded $50,000 for not releasing Stolen Symantec Source Code According to email transcripts posted to Pastebin yesterday, and confirmed by the company, a group of hackers attempted to extort $50,000 from Symantec in exchange for not releasing its stolen PCAnywhere and Norton...

CVE-2006-6769

Multiple cross-site scripting XSS vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 searchstring parameter in a setup/transcripts.php, the 2 l parameter in b index.php, the 3 login field in c phplive/index.php, and the 4 deptid...