According to a study published today by a team of researchers from North Carolina State University, your personal data – including, potentially, your banking information and contact lists – could be at risk if you’ve installed any third-party skills from the Alexa skills marketplace. First things first: Skills are Alexa’s versions of apps. They’re useful for everything from controlling third-party hardware gadgets such as smart lights or smart thermostats to logging in to your bank account using voice-command via Alexa. It gets worse. The researchers also found that developers can use redundant wake words. In the worst case here, you might be fooled into thinking you’re giving your information to a company you trust because you used an invocation phrase like “Alexa, open the Blah Blah Blah Banking app” when in reality someone’s aped that phrase for nefarious purposes. Luckily, it’s really easy to do this.
Step three: click on “Your Skills” and make sure you’re not using any third-party skills.
You can read the full paper here.