
Watching this video turned on my Alexa when he started talking to Alexa.

Feels like a kind of SQL Injection ("voice injection attack"?).



It's more like having an unauthenticated API open to the network, where in this case the network is sound waves in your local space. The idea that anyone is using voice for privileged operations ("buy X", change my calendar, etc.) is horrifying to me.


> anyone is using voice for privileged operations

I remember when people started broadcasting to Siri for people who had their headphones plugged in.


I'm always startled to find out that people with very young kids have these in their house. Presumably there's some way of preventing a 3 year old from running up a $50k bill?


Alexa purchasing can be configured with a voice PIN.

I believe purchasing by voice does have to be enabled initially through the app as well. https://www.amazon.com/gp/help/customer/display.html?nodeId=...

Edit: I looked in my Alexa app and there is also a voice recognition option, so you can use it to only allow purchasing via recognized voice patterns and require a PIN for anything else.


I didn't turn on the purchasing option. Seems pointless anyway, I always want to comparison shop things.


> Feels like a kind of SQL Injection ("voice injection attack"?).

We used to take advantage of this on conference calls, where one of the participants was on speaker-phone and had an Alexa.

"Alex, play 'Never going to give you up' by Rick Astley"

Hopefully, people start waking up to this attack surface, as it's taken advantage of more because it's a very dangerous "gotcha".

Consider, for example, saying, "OK, Google, show me my last messages," during a conference call, in which Google will also read the messages aloud.

Fun times...


That’s been a thing since the start of voice assistants. I’ve even seen local TV ads do it to try to get the viewer's Google Home to activate, and mine has reacted to TV shows and YouTube channels before.


There was an episode of 30 Rock where Jack pitches essentially an Alexa-powered TV, and the joke was TV shows controlling the TV itself, never thought of Tina Fey as a SciFi writer but here we are.

I've been meaning to turn off voice detection on my phone because I'm tired of Google reacting to my conversations (and worried enough about Google as it is).


It is a fun way to mess with your friends who use speaker phone to talk to you while at home.


You got that right: After I got an Echo Dot, my daughter (35, married with a 3-year-old son) in Pittsburgh started saying "Alexa, buy diapers" whenever we were on speaker. Alexa would reply something to the effect of "Diapers added to list," and my daughter would laugh so hard. Drove me nuts, to the point where I unplugged my Echo Dot.


And they deserve no less for recording you, presumably without permission. Illegal in many states.



There was a story a while back about a reporter on the TV news that purposely said something to Alexa to show people how the devices can be activated remotely...



