PT-2018-10673 · Amazon · Alexa +1

Amit Ashbel +1 · Published 2018-05-30 · Updated 2024-08-05 · CVE-2018-11567

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Amazon Echo devices (affected versions not specified)

Description

The reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill, allowing an attacker to obtain transcripts of speech not intended for Alexa to process. This issue involves empty output-speech reprompts, custom wildcard input slots, and logging of detected speech. If a maliciously designed skill is installed, it could capture speech spoken within the device's hearing range.

Recommendations

For Amazon Echo devices, the vendor has put mitigations in place for detecting this type of skill behavior and rejects or suppresses those skills when detected. Customers do not need to take any action for these mitigations to work.

Weakness Enumeration

Session Fixation

Related Identifiers

CVE-2018-11567

Affected Products

Alexa
Amazon Echo