Researchers at cybersecurity firm Checkmarx have found a way to turn an Amazon Echo (Alexa-powered) smart speaker into an eavesdropping device. They didn’t use a vulnerability in the Echo device or Alexa service, but merely used the options available in the Alexa software development kit (SDK), normally made available to Alexa app developers. They abused a parameter called “shouldEndSession
Source: right after the reply to the first.”