Check Point Researchers Uncovered Alexa Flaw That Exposed Personal Information and Speech Histories

So yeah, your Alexa has been potentially spying on you. Well, not Alexa exactly, but anyone who managed to exploit this vulnerability before Amazon patched it.

Check Point security researchers found a flaw that would've let hackers access your entire voice history with Alexa. Every command you've ever given it. Every response it's given back. That includes potentially sensitive stuff like banking interactions, home addresses and phone numbers, depending on what skills you had installed.

The attack worked like this. Someone sends you a malicious link that looks like a legit Amazon package tracking URL. You click it, because of course you do, everyone's ordering stuff online constantly. That redirects you to a compromised Amazon subdomain where code gets injected. From there the attacker can basically impersonate you to Alexa's backend.

They could install skills. Remove skills. Access your voice history. Get personal info from your profile. The whole thing.

Amazon says they fixed it after Check Point reported it in June 2020 and claims there's no evidence anyone actually exploited it in the wild. Which is the standard response and also impossible to verify, but whatever.

Here's what gets me though. Over 200 million Alexa devices had been sold by end of 2019. That's 200 million potential targets just sitting in people's homes listening to everything.

The vulnerability specifically exploited cross-site scripting (XSS) and CORS misconfigurations on Amazon subdomains. Basically web security 101 stuff that shouldn't be happening on infrastructure this critical.
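
The reporting doesn't give the actual CORS policy involved, so as an added example (not code from Check Point or Amazon; the example.com hostnames and the allowlist are placeholders), here's one common form of that mistake, trusting every subdomain, next to a stricter origin check:

```javascript
// Added example: hostnames are placeholders, not Amazon's real hosts.
const PARENT_DOMAIN = "example.com";
// Weak: reflect any origin ending in the parent domain, with credentials.
// XSS on any one subdomain can then read authenticated API responses.
function weakCorsHeaders(origin) {
  if (typeof origin === "string" && origin.endsWith(PARENT_DOMAIN)) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Hardened: exact-match allowlist of the front ends that need the API.
const ALLOWED_ORIGINS = new Set(["https://assistant.example.com"]); // hypothetical
function strictCorsHeaders(origin) {
  if (typeof origin !== "string") return {};
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return {}; // "null" or malformed Origin header
  }
  // A real Origin value is scheme://host[:port] and nothing else.
  if (parsed.origin !== origin || parsed.protocol !== "https:") return {};
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keep caches from serving one origin's answer to another
  };
}

function allows(policy, origin) {
  return policy(origin)["Access-Control-Allow-Origin"] === origin;
}

// Constructed sample Origin header values.
const SAMPLES = [
  "https://assistant.example.com", // allowlisted front end
  "https://track.example.com",     // unrelated sibling subdomain
  "https://evilexample.com",       // different domain that passes a suffix check
  "http://assistant.example.com",  // plaintext scheme
  "null",                          // sandboxed or opaque origin
];
for (const o of SAMPLES) {
  console.log(o, "weak:", allows(weakCorsHeaders, o), "strict:", allows(strictCorsHeaders, o));
}
```

With the weak policy, the security of the API is only as good as the least-maintained subdomain; the strict one keeps a script-injection bug on a sibling host from turning into backend access.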

Oded Vanunu from Check Point put it bluntly: “Smart speakers and virtual assistants are so commonplace that it's easy to overlook just how much personal data they hold.” And he's right. We invited these always-listening devices into our homes and kind of just forgot they're computers connected to the internet, with all the security implications that entails.

Check Point recommends avoiding unfamiliar Alexa skills and thinking twice before sharing sensitive info with your smart speaker. Which is good advice I guess, but also feels like putting a bandaid on a gunshot wound.

Amazon stores your voice history indefinitely by default. You can change that in settings, but most people don't know or don't bother.

Source: Check Point Research

Miles Donovan

Miles Donovan covers app outages, platform updates, viral trends, AI tools, and digital behavior shaping U.S. online culture.