A recent study published by a team of researchers from North Carolina State University revealed some security risks concerning Amazon’s skills for ‘Alexa’.
Indeed, it was stated that personal data, such as banking information and contact lists, could be compromised with any third-party skills from the Alexa skills marketplace.
Yet, the researchers cannot currently say if these security risks have been maliciously exploited so far. As protection though, it is recommended to uninstall all third-party Alexa skills until Amazon confirms that all privacy holes have been health with.
Moreover, the researchers found out that developers are able to use redundant wake words. Hence, when you are using your voice to open an app, someone might use that phrase for nefarious purposes.
Besides, it would also appear that Amazon enabled third-party skills publishers to change their privacy policies after getting approval and publishing. Hence, developers can change the code on the back end of skills after the skill has been placed in stores.
Amazon declared that the security of its devices and services is a top priority and they are working on fixing this issue to protect their customers.