Image
Nine killed, 3.5 million affected as Typhoon "Rumbia" wreaks havoc across central and eastern China
At least 9 people have been killed and 18 injured after Typhoon "Rumbia" wreaked havoc across central and eastern China over the past couple of days. About 3 512 000 people have been affected as well as 420 000 hectares (1.37 million acres) of crops. The storm has also damaged more than 5 800 homes. The typhoon made landfall near the city Shanghai just after 04:00 local time August 17 (20:00 UTC, August 16) with maximum sustained winds around 90 km/h (55 mph). Jason Nicholls@jnmet TS pushing into eastern near . Heavy rain and

Amazon fixes Alexa bug that let Echo keep listening

Amazon Echo speakers - Bloomberg

Amazon's Echo speakers featured a bug that meant the speaker continued to listen to its surroundings.

Security researchers found a way to make the device continue listening long after it should have switched off. Amazon said this would not allow the recordings to be passed to hackers but would have stayed with Amazon itself.
Amazon Echo speakers listen out for the word "Alexa", the name of its voice assistant, before completing a command, like "Alexa, read tell me today's news". Any interaction with Alexa is recorded to improve the service, but once the command is finished, Alexa stops recording.
But security researchers from Checkmarx developed an Alexa Skill that would keep Alexa listening long after it should have switched itself off and automatically transcribe what it hears for an attacker.
When an Alexa skill completes its task it is supposed to stop listening. However, sometimes Alexa doesn't hear a command correctly, which will lead the Echo to ask for the user to repeat it. This "re-prompt" feature could be exploited, the researchers found, and be programmed to carry on listening, while muting Alexa's responses.
Amazon's new Echo Dot speakers Credit: AP
The only sign the Echo was still on was a blue light ring, which normally lights up when Alexa receives a command. 
"For the Echo... listening is key," Checkmarx said. "However, with this device's rise in popularity, one of today's biggest fears in connection to such devices is privacy. Especially when it comes to a user's fear of being unknowingly recorded."
Amazon Alexa | Everything you need to know
Amazon has since addressed the flaw to better detect Skills which appear to be built for listening to users and automatically detecting long listening sessions by an Echo. Manipulating the Echo didn't actually require any attacks on the Echo itself, only a Skill coded to exploit its current features.
"We have put mitigations in place for detecting this type of Skill behavior and reject or suppress those Skills when we do," Amazon said.
It's not the first flaw found on Amazon's Echo. Last year it was revealed second-hand Echo devices could be tampered with to be turned into listening devices. 


Popular posts from this blog