Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon Error Allowed Alexa User To Eavesdrop on Another Home (reuters.com)

Posted by msmash on from the oops dept.

A user of Amazon's Alexa voice assistant in Germany got access to more than a thousand recordings from another user because of "a human error" by the company. From a report: The customer had asked to listen back to recordings of his own activities made by Alexa but he was also able to access 1,700 audio files from a stranger when Amazon sent him a link, German trade publication c't reported. "This unfortunate case was the result of a human error and an isolated single case," an Amazon spokesman said on Thursday. The first customer had initially got no reply when he told Amazon about the access to the other recordings, the report said. The files were then deleted from the link provided by Amazon but he had already downloaded them on to his computer, added the report from c't, part of German tech publisher Heise.

12 of 91 comments (clear)

  1. Single case? by drinkypoo · · Score: 4, Insightful

    "This unfortunate case was the result of a human error and an isolated single case," an Amazon spokesman said on Thursday.

    "Why is this even possible?", internet users said on Thursday.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Single case? by DarkOx · · Score: 4, Insightful

      Its possible because Amazon and others have convinced people its a great idea to have hot mic; under third party control in their homes.

      Its possible because people are stupid.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    2. Re:Single case? by drinkypoo · · Score: 3, Interesting

      Its possible because Amazon and others have convinced people its a great idea to have hot mic; under third party control in their homes.

      That's not even what I'm talking about. Why is it even possible for an Amazon employee to make these voice files available to other users through the interfaces available to them? It's understandable why the data is there, but not understandable why someone can make the files available to another user with a click. Even if it's done with a backdoored system, those files ought to be encrypted to the user.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Single case? by pr0t0 · · Score: 4, Insightful

      I think a better interpretation of your question should be, why do they have and keep these recordings? The conversation should have gone like this:

      Customer: I'd like to listen to all of the recordings of my interactions with the Alexa device.

      Acceptable answers:
      Amazon: I'm sorry, we do not keep recordings of your interactions with our products.
      or
      Amazon: I'm sorry, all recordings are anonymized. We cannot access recordings by user, location, or time of recording because that information is not stored.

      --
      I'm sorry, but your opinion seems to be wrong.
    4. Re:Single case? by Anonymous Coward · · Score: 2, Interesting

      This isn't the only case we've heard of exactly this type of phenomenon. There's been another incident where exactly this happened, and yet another where someone could hear live conversations directly from someone else's Alexa device. Until people realize live mics in the home under someone else's control are a bad idea, which I'm not convinced will ever happen, we'll keep hearing about these sorts of incidents.

      One of my more paranoid friends is convinced in a few years you'll be ostracized if you don't have these devices implanted in every room because if you don't, you clearly are trying to hide something and shouldn't associate with the "normal, decent god fearing" humans that want to be sure they are safe and secure at all times. I used to think he was babbling bullishit, but the way we're going I'm not so sure.

    5. Re:Single case? by Mascot · · Score: 2

      "Why is this even possible?", internet users said on Thursday.

      Didn't strike me as any great mystery. Amazon is too big and clunky to have gotten their GDPR ducks in a row and are manually handling requests that should be automated.

      The longer version: For whatever reason Amazon has not made accessing your Echo recordings something you can just do at will (I assume this to be the case, otherwise the request would make no sense, but I don't own an Echo so I don't really know). The user made a request for the recordings, which falls under personal information, thus the GDPR, thus giving Amazon no option but to respond. When complying with a request for personal information is a manual process, there's always a risk of human error. Voila. If some poor sod is stuck all day collating recordings and sending users links to them, at some point it is inevitable that something will go wrong.

  2. Tell me... by Viol8 · · Score: 4, Insightful

    Just how fucking beyond stupid do you have to be to willingly bug your own home with one of these devices? Or is just the ultimate expression of apathy when you can't even be bothered to use a touchscreen to find or do what you need? I think the passengers in the Wall-E film are a closer reality than anyone believed.

    1. Re:Tell me... by ZombieCatInABox · · Score: 2

      This is the result of entire generations of people never having known anything but life in a civilized world. They've never had to wake up to the sound of bombardement sirens in the middle of the night, they've never had strangers with governement badges bust down their door and take one of their loved ones away, never to be seen again. They've never had to call the police for an emergency, just to have police ask for bribes before they do anything, if they do anything, except maybe gang-rape their daughter in the next room.

      They naively and stupidly think that the only life they've ever known is the normal state of human society, while its true normal state is police state, tyranny, civil war, fear, suffering and bloodshed.

      When you ask them "How do you feel about the fact that the real-life equivalent of Lex Luthor is now your president, that he has the nuclear codes, and that you put him in the oval office, knowingly, and on purpose", their reply is either "meh" or "yeah, but it pisses off libruls, lol !"

      It's apathy alright. Apathy of someone who's never had to care. Until now.

  3. If this was an 'accident' due to 'human error'.. by Rick+Schumann · · Score: 2

    ..then just imagine what they can do when they intend to listen in on you!
    Not going to mince words: you are STUPID if you allow these devices in your home! FFS at least unplug the gods-be-damned thing when you're not actively using it!

    You've been warned. Repeatedly.

  4. Hash collision by 110010001000 · · Score: 2

    It was just a hash collision when generating the link. Will be fixed in the next update.

  5. Alexa keep me free by BringsApples · · Score: 2

    I see how many people here already think the alexa thing is stupid, nice. But, sadly, there's not very many of us. I've seen people of all ages with these things in their house. They talk to it with eyebrows down, shouting at it, like it's their house-maid. The damn thing is involved with their emotions!

    With the ever increases in security measures sweeping through the world, there may be a day when we'll all be tracking ourselves, just to prove our social-standing/citizenship.

    --
    Politics; n. : A religion whereby man is god.
    1. Re:Alexa keep me free by 110010001000 · · Score: 2

      I personally track myself constantly and send the data to every company that asks for it. It keeps me safe from terrorists.