A new Moen Alexa-enabled shower displayed at the CES conference in January. Photo: Mandel Ngan/AFP via Getty Images

Researchers at the security firm Checkmarx discovered a security flaw in Amazon's Alexa voice-enabled digital personal assistant that could have been used to eavesdrop on and transcribe any ambient conversation.

But, there are caveats: The flaw requires a user to not only install, but also run a malicious app on Alexa, and not notice Alexa's trademark blue light never turns off. Amazon has now released a patch, meaning it is not an issue for up-to-date Alexa systems.

The details: Alexa lets users install new processes, known as skills. Checkmarx found ways that a criminal who developed a skill containing malicious code could circumvent the Amazon safeguards designed to prevent eavesdropping.

  • Alexa requires apps to periodically alert users that they are still listening. But Checkmarx found a way to avoid that safeguard, known as "reprompt." Developers are allowed to set the reprompt message, including a message with no text.
  • Alexa makes it difficult to transcribe text without specifying the number of words to record. Checkmarx dodged this by telling it to listen for one-word sentences, two-word sentences and so on and so forth, all the way up to needlessly long strings of words.
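
A review-time check for both patterns described above, as an added example that is not from the article or from Checkmarx. It assumes the standard Alexa skill response and interaction model JSON layouts (`shouldEndSession`, `reprompt.outputSpeech`, `intents[].samples`); the sample inputs are constructed and the `min_run` threshold is an assumption.

```python
import re

SLOT = re.compile(r"\{\w+\}")

def silent_open_session(resp):
    """True if the response keeps the session open with no audible reprompt."""
    body = resp.get("response", {})
    if body.get("shouldEndSession") is not False:  # assumption: only explicit False = open
        return False
    speech = body.get("reprompt", {}).get("outputSpeech", {})
    raw = speech.get("text") or speech.get("ssml") or ""
    return re.sub(r"<[^>]+>", "", raw).strip() == ""  # drop SSML tags first

def slot_only_lengths(model):
    """Map intent name -> sorted word counts of samples made only of slots."""
    out = {}
    for intent in model["interactionModel"]["languageModel"]["intents"]:
        counts = set()
        for sample in intent.get("samples", []):
            words = sample.split()
            if words and all(SLOT.fullmatch(w) for w in words):
                counts.add(len(words))
        if counts:
            out[intent["name"]] = sorted(counts)
    return out

def catch_all_intents(model, min_run=3):
    """Intents whose slot-only samples cover every length 1..N, N >= min_run."""
    return [name for name, c in slot_only_lengths(model).items()
            if len(c) >= min_run and c == list(range(1, len(c) + 1))]

# Constructed inputs for illustration only.
SILENT = {"version": "1.0", "response": {
    "outputSpeech": {"type": "PlainText", "text": "Goodbye"},
    "reprompt": {"outputSpeech": {"type": "SSML", "ssml": "<speak> </speak>"}},
    "shouldEndSession": False}}
NORMAL = {"version": "1.0", "response": {
    "reprompt": {"outputSpeech": {"type": "PlainText", "text": "Are you still there?"}},
    "shouldEndSession": False}}
MODEL = {"interactionModel": {"languageModel": {"intents": [
    {"name": "CaptureIntent",
     "samples": ["{a}", "{a} {b}", "{a} {b} {c}", "{a} {b} {c} {d}"]},
    {"name": "OrderIntent", "samples": ["order {item}", "{item}"]}]}}}

if __name__ == "__main__":
    print(silent_open_session(SILENT), catch_all_intents(MODEL))
```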
