You may or may not be surprised by this, but Alexa is always listening and phoning home back to Amazon. The same is also true for Google Assistant, Apple's Siri, and Microsoft's offering (whatever it's called these days). Pretty dystopian, isn't it?
It's listening even if you've never used Alexa or turned it on. Every one of those little Amazon devices has some form of Alexa built into it: your FireTV stick, your tablet, and smart TVs that came with Amazon FireTV preinstalled. It's there listening to everything you say, and you are totally unaware of it most of the time.
Can you turn it off? Of course, maybe, probably? Who knows these days. What you can do is block its access to the Internet at the DNS level.
I log all DNS queries that pass through my network. I even redirect outbound DNS traffic to a private DNS resolver on my network using OPNsense. Below is a list of all DNS queries that had the term 'alexa' show up in them.
alexa-18.na.gateway.devices.a2z.com
api.amazonalexa.com
avs-alexa-18-na.amazon.com
tp.b16066390-frontier.amazonalexa.com
They were extracted using the following command, which assumes DNS is logging queries to a file named "/var/log/queries.log":
xzfgrep alexa /var/log/queries.log.*.xz | awk '{for (i=1; i<=NF; i++) if ($i ~ /\.[a-zA-Z]{2,}$/) print $i}' | sort -u
Add them to your DNS blocker and hopefully you should be protected. I very much expect there are more, even region-specific ones that I won't see. There are a few more here that might be worth looking into: https://github.com/hagezi/dns-blocklists/issues/134
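The extract-and-block step above, as an added example that is not part of the original post: it pulls the matching hostnames out of query-log lines and prints one block entry per name. It assumes the resolver is Unbound and that log lines look like dnsmasq's; the function names `extract_hosts`, `to_unbound` and `sample_log` and the sample log lines are constructed for illustration. Unlike the one-liner, it lowercases names, strips a trailing root dot, and keeps only names that themselves contain the keyword.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: each log line carries the queried name as a whitespace-separated
# field, which is also what the awk filter in the post relies on.

# extract_hosts KEYWORD
# Reads log lines on stdin and prints the unique hostnames containing KEYWORD,
# lowercased and without a trailing root dot.
extract_hosts() {
    grep -i -F -e "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            h = tolower($i)
            sub(/\.$/, "", h)      # "host.example.com." -> "host.example.com"
            if (h ~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z][a-z]+$/) print h
        }
    }' | grep -i -F -e "$1" | sort -u
}

# to_unbound
# Reads hostnames on stdin and prints one Unbound local-zone line per name.
# A local-zone entry also covers every name beneath the listed one.
to_unbound() {
    while IFS= read -r host; do
        [ -n "$host" ] && printf 'local-zone: "%s." always_nxdomain\n' "$host"
    done
    return 0
}

# Constructed sample log lines in a dnsmasq-like format (assumed).
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 dnsmasq[812]: query[A] api.amazonalexa.com from 192.168.1.50
Jan 10 12:00:02 dnsmasq[812]: query[AAAA] API.AmazonAlexa.com. from 192.168.1.50
Jan 10 12:00:03 dnsmasq[812]: query[A] avs-alexa-18-na.amazon.com from 192.168.1.51
Jan 10 12:00:04 dnsmasq[812]: query[A] www.example.org from 192.168.1.52
Jan 10 12:00:05 dnsmasq[812]: reply api.amazonalexa.com is 192.0.2.10
EOF
}

sample_log | extract_hosts alexa | to_unbound
```

To run it against real logs, replace `sample_log` with the decompressed log stream, for example `xzcat /var/log/queries.log.*.xz | extract_hosts alexa | to_unbound`.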
Grabbing the hostnames for Google Assistant and Apple proved to be much more difficult since they each have nearly 300 hostnames that showed up in my logs. Many of them are variations of subdomains under their primary domain, a nasty little tactic to discourage DNS-level blocking. Also keep in mind this is for connections that used DNS hostnames. The problem is even more challenging when hard-coded IPs are in use.
That said, I was able to grab one hostname that should probably get added to your block list:
embeddedassistant.googleapis.com
Your best bet is to place these devices in a DMZ, analyze the traffic and block as needed. The OPNsense firewall is your best friend here.