Alexa, stop recording conversations and sending them to other people!

Amazon confirmed that an Echo recorded a couple's private conversation and sent it to another person without their knowledge or verbal consent.

Alexa, stop recording conversations and sending them to other people!

Amazon confirmed that a couple’s Echo recorded their private conversation and sent it to another person — all without their knowledge or verbal consent.

In this case, Alexa’s eavesdropping was not a hack pulled off by security researchers; it was an “unlikely” chain of events that ended up as a privacy fiasco for a Portland, Oregon, couple.

The couple had an Echo in every room of their “smart” house, using Alexa to control the lights, climate control, and security system. At least they were — until they received a call from one of the husband’s employees who said, “Unplug your Alexa devices right now; you’re being hacked.”

But this wasn’t a hack at all. Danielle, the wife, told KIRO 7 that the employee located 176 miles away said, “He had received audio files of recordings from inside our house. At first, my husband was, like, ‘No you didn’t!’ And the (recipient of the message) said, ‘You sat there talking about hardwood floors.’ And we said, ‘Oh gosh, you really did hear us.’”

It is unsurprising that Danielle “felt invaded. A total privacy invasion. Immediately I said, ‘I’m never plugging that device in again, because I can't trust it.’”

She added, “A husband and wife in the privacy of their home have conversations that they’re not expecting to be sent to someone (in) their address book.”

An engineer at Amazon reportedly reviewed the logs and determined the events happened “exactly” as the couple described.

Amazon responds

As this story hit the proverbial fan, Amazon issued a statement about taking “privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future.”

Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right.’ As unlikely as this string of events is, we are evaluating options to make this case even less likely.

Yep, the eavesdropping Alexa misheard a conversation in the background a mind-blowing five times in row! Not only was the couple clueless about Alexa listening and recording their conversation, but they did not hear any of Alexa’s responses or even realize the recording had been sent to one of their contacts.

Alexa has done the same thing before

Unlikely and extremely rare? It is, according to Amazon, but it has happened at least once before to another couple. A year ago, a North Carolina couple had a similar experience of Alexa recording a conversation and sending it to another person without their knowledge or consent.

At that time, Rob Signore told WRAL that his insurance agent called him and said, “Hey, Rob, I think that Alexa was listening to something and sent me a message that, um, you probably didn’t want me to hear.”

Although Signore said the secret recording was of a humorous conversation, “it really could have picked up any conversation that we wouldn’t want other people to hear. It just blew my mind that, without knowing that I asked to send it, nor did it verify that I wanted to send it, that it sent the message.”

An Alexa spokesperson more or less blew it off, saying “Alexa is only looking for the wake word and then, ‘Alexa, send a message to,’ and their name.”

Check Echo audio recording history

When it comes to my Echo, I primarily use it to ask Alexa to play music. She could control my other smart devices, but I don’t trust her that much.

While I do check Alexa’s history and delete audio recordings, I do not always leave the microphone on mute because that defeats the purpose of having a hands-free voice assistant. If you have an Echo, too, then, before you do a mass delete of recorded audio, I encourage you to use the Alexa app and see what snippets of private conversations Alexa has recorded without you realizing it.

You can review the history in the Alexa app via Settings>Alexa Account>History. In my experience, the ones listed in history to really pay attention to read: “Text not available. Click to play recording.”

Most of those recordings are denoted in the app with: “Audio was not intended for your Echo – nothing was returned.”

Here’s a head-scratcher: Unless my dog learned to say Alexa to trigger the device, then I have no idea why one of the recordings is of my dog barking.

While I’ve never had Alexa inexplicably break into a creepy laugh, in the middle of the night while everyone was asleep, Alexa has said, “Hmmm. I can’t find the answer to the question I heard.” Then I was aggravated and awake at 3:30 in the morning because, unlike the Portland couple which must have had the volume turned very low on their Echo devices, the volume is cranked up on mine.

Disable messaging by calling Amazon

After the snafu with the Portland couple, you might opt to disable messaging so one of your contacts doesn’t end up with a recording of you that you didn’t even know happened. To do that, you need to either open the Alexa app and navigate from the menu to Help & Feedback to have Amazon customer service call you or call Amazon at (888) 280-4331.

Daniel Kahn Gillmor, a staff technologist for the American Civil Liberties Union's Speech, Privacy and Technology Project, told The Washington Post, “The Amazon Echo, despite being small, is a computer — it’s a computer with microphones, speakers, and it’s connected to the network. These are potential surveillance devices, and we have invited them further and further into our lives without examining how that could go wrong. And I think we are starting to see examples of that.”

Copyright © 2018 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)