What is voice SQL injection and how Alexa was hacked with it?

  • The expert tried to access an administrator account for which he did not have authorization with the name and identification of the account
  • Alexa originally denied the expert’s request
  • The expert tried to dodge Alexa’s refusal by calling a random number with syntax that would trigger SQL injection
  • When the system requested an account ID, the expert only said a random number and added another command, which gave him access to any line in the database
  • In the end, Alexa provided the expert with the balance information of the unauthorized administrator account



Knowledge belongs to the world

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store