Daniele Sgandurra

**Name of the Vulnerable Software and Affected Versions** Amazon Echo Dot devices, 3rd and 4th Generation **Description** The issue allows for arbitrary voice command execution on affected devices. This can be achieved by a remote attacker using a malicious skill or by a physically proximate attacker pairing a malicious Bluetooth device, also known as an "Alexa versus Alexa (AvA)" attack. **Recommendations** For 3rd Generation Amazon Echo Dot devices, update the device to a version that includes a fix for this issue. For 4th Generation Amazon Echo Dot devices, update the device to a version that includes a fix for this issue. As a temporary workaround, consider disabling skills from untrusted sources and restricting Bluetooth pairing to minimize the risk of exploitation.