There’s a new Marvel superhero series on Fox called The Gifted that this week inspired my son Fallon, age 11, to predict the first Alexa virus, coming soon to an Amazon Echo, Echo Dot or Echo Show cloud device near you. Or maybe it will be a Google Home virus. Fallon’s point is that such a contagion is coming and there probably isn’t much any of us -- including both Amazon and Google -- can do to stop it.
The Gifted has characters from Marvel’s X-Men universe. They are the usual mutants but the novel twist in this series is that some of these particular mutants are able to combine their powers with terrible effect. They just hold hands, get angry, and it is mayhem squared.
Fallon’s idea for a computer virus following similar lines is that it should be possible to create otherwise benign Alexa skills that, when used together, can make trouble.
Think about it. There are presently more than 15,000 Alexa skills that have been officially approved by Amazon and are available for download. These skills do everything from launching programs to gathering data to setting reminders. Though relatively simple, each is still a cloud app that can connect tens of millions of Echo products to Amazon Web Services (AWS).
Each Alexa skill is tested by Amazon before being approved, but are they tested together? They don’t appear to be.
One skill, for example, could open a communication session while another could gather audio or video data for spying. One skill could take control of the Echo while another could put the resulting bot to terrible use in a local network or on the Internet as a whole. I’m sure you can imagine any number of clever combinations.
Remember the combinations don’t have to be operating on the same Echo device to function cooperatively. This makes them even harder to detect.
The number of unique pairs of Alexa skills from the current approved list is 112,492,500. Harness three skills together and the number becomes 5.62387505e+11 -- probably too big to test even on Amazon’s huge cloud. After all, the testers would have no idea how to even trigger the intended function or what it was.
The only way to deal with a threat of this sort, short of banning outright this type of device, is to monitor Alexa behavior closely and jump into action the moment something unexpected happens. With thousands of developers and hundreds of skill types all they can do is wait.
Fallon is pretty sure we won’t have to wait for long.