An XSS Flaw in One of Amazon’s Subdomains could have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill. Amazon patched the vulnerabilities after the researchers disclosed their findings to the company in June 2020. The global smart speaker market size is projected to reach $15.6 billion by 2025, the research is another reason why security is crucial in the IoT space.
Source: https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html