|
|
|
|
|
|
by andrepd
3391 days ago
|
|
|
Yes, exactly this. They could easily just TTS what you are saying, save the text, and send it together with the rest of the info when you say "Alexa". Thus only sending information when you say "Alexa" but managing to upload all your conversations. I would be very surprised if they aren't doing something like this. The power of analysing which products you talk about in your home more often, what kind of stuff you consume, what affairs do you discuss at home, etc, is too good to pass up. And seriously frightening. |
|
|
However, with that said, unless they do certificate pinning on their device the answer to that is to MITM the device and snoop on the traffic.
If they do certificate pinning the answer is:
1. Pre-record an Alexa commend
2. Play back the recording
3. Wait a minute
4. Replay the command
5. Measure the size of the packets going across the network
6. Wait a week while playing something that sounds like natural conversation - say an audio book
7. Replay the command audio file
8. Measure the amount size of data sent between the end of the second command and the end of the last
It should be slightly more than the second command was to account for things like checking for updates. But if it includes the TTS (which is essentially an audio book transcribed at this point) than it would be quite a bit larger even with text compression.