A family in Portland, Oregon, received a nightmarish phone call two weeks ago.
“Unplug your Alexa devices right now,” a voice on the other line said. “You’re being hacked.”
Apparently, one of Amazon.com’s Alexa-powered Echo devices in their house had silently sent recordings to the caller without the family’s permission, according to KIRO 7, a news station covering Seattle and western Washington state that first reported the story. The person, who happened to be an employee of the husband, was in the family’s contact list.
“My husband and I would joke and say, ‘I’d bet these devices are listening to what we’re saying,’ ” said a woman to KIRO 7 who identified herself only by her first name, Danielle.
“At first, my husband was, like, ‘No, you didn’t!’ And the [recipient of the message] said, ‘You sat there talking about hardwood floors.’ And we said, ‘Oh, gosh, you really did hear us.’ ”
Danielle said she felt invaded after listening back to her own conversations, silently captured by an eavesdropping machine. “I’m never plugging that device in again,” she said. “I can’t trust it.”
Amazon said in a statement to The Post Thursday afternoon that the Echo woke up when it heard a word that sounded like “Alexa.” “The subsequent conversation was heard as a ‘send message’ request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customers contact list.”
The company also said that “As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
(Amazon’s chief executive, Jeff Bezos, owns The Washington Post.)
Danielle told KIRO 7 that the device did not tell her that it would be sending the recorded conversations.
This isn’t the first time that Amazon’s smart speaker has garnered scrutiny over potential eavesdropping. Last month researchers discovered a flaw in the Alexa voice assistant, enabling an Echo to continue listening to a person without them knowing. The devices are supposed to record audio only after users issue a voice command, known as a “wake word.” Amazon quickly fixed the vulnerability after researchers alerted the company.