Ridiculous headline aside, Mohit Kumar:
Checkmarx reported the issue to Amazon, and the company has already addressed the problem by regularly scanning for malicious skills that “silent prompts or that listen for unusual lengths of time” and kicking them out of their official store.
I’d personally just assume that all Alexa-type devices can and will be compromised at some point to eavesdrop on you. What I don’t get is that this reporting makes it sound like Amazon is combatting the issue not by making a software patch for this loophole, but rather by policing to make sure bad actors are kicked out of the store. Which is not how this should be handled.