Echo Dot Stops Responding - New Mystery Devices Showing in Alexa App

[hbskisurf]

I have 5 Echo Dots and they have all been working great.  

 

However, all of a sudden tonight every command gets a "that command doesn't work on device X"

 

Communication with the ISY seems fine (portal shows it's online, I can run the programs from my phone and they still all work, no other changes have been made to the system).

 

The only thing I notice is when I go into my Alexa app and discover devices I see 25 devices that I don't recognize when sorted by newest.  They appear to have spanish names...I have no idea what or where these devices are from.  When I delete them, they reappear.

 

Any ideas what's going on or what I can try?

[tmorse305]

Same problem with my devices.  If I say Ask ISY turn on device X  it works.  This started to happen in the last few hours.

[zerreissen]

French names, but yep, same here:

 

[pstoop]

I'm getting the same new devices as 

zerreissen

[Paulk8]

Same problem

[auburnu008]

Exact same thing here. Glad I am not the only one. I tried rebooting the ISY, Echo and router. I hope this gets fixed soon!

[zGuy981]

I am having the same issue with the same ghost devices.

[paulbates]

Its a bug. DO NOT DISCOVER DEVICES RIGHT NOW. 

[Michel Kohanim]

Hello everyone,

 

Sincere apologies. We're looking into this issue right now. Please do not discover any devices.

 

Will keep you posted.

 

With kind regards,

Michel

[G W]

For what it's worth, I'm not having this issue.

 

I'm Gary Funk and I approved this message.

[zerreissen]

FWIW, mine is back to normal.

[zGuy981]

Mine is back to normal as well.

[Michel Kohanim]

Hello everyone,

 

Sincere apologies. Definitely a bug was introduced when we were asked by Amazon to investigate performance issues in OAuth authentication. This is now fixed. Please instruct Alexa to Discover Devices.

 

With kind regards,

Michel

[piconut]

Hello everyone,

 

Sincere apologies. Definitely a bug was introduced when we were asked by Amazon to investigate performance issues in OAuth authentication. This is now fixed. Please instruct Alexa to Discover Devices.

 

With kind regards,

Michel

 

I used the "discover devices" command from the alexa.amazon.com page and the spansih named devices are still showing up on mine.  What should I try now?

[larryllix]

I used the "discover devices" command from the alexa.amazon.com page and the spansih named devices are still showing up on mine.  What should I try now?

Go to the very bottom of the list and use the button to forget everything.

 

Then Discover again,

[intellihome]

Go to the very bottom of the list and use the button to forget everything.

 

Then Discover again,

 

Mine were French, I has to forget everything and re-discover.

[larryllix]

Mine were French, I has to forget everything and re-discover.

I just found this same problem two nights ago and had to forget/discover again..

[EddieRock]

So, how is the NOT a security issue? So, how I understand it... UDI can inject devices that weren't discovered into my system through the ISY Skill OR ??

 

Please explain how this vulnerability will be addressed. There were around 15-20 devices on my echo from 12/8.

 

The email I just received:

 

ISY Portal / Amazon Echo Discovery Error

 

Dear ISY Portal Subscriber,

 

With sincere apologies, during our last performance tune up for ISY Portal / Amazon Echo on 12/08/2016, we introduced a bug which was fixed within an hour. This said - and unfortunately so - during that one hour your Echo performed its automated discovery and discovered devices that belonged to a performance test system.

 

Although you will not experience any service interruptions and/or performance issues, we do recommend that you follow the instructions below in order to have those test devices removed from your Echo Smart Home profile:

 

1. Login to https://echo.amazon.com 

2. On the left navigation bar, click on Smart Home menu item. On the Right pane:

 

Method 1 - Remove Everything and Rediscover

3. If you have defined any Groups, please make note of them as you might have to recreate them

4. Scroll all the way down

5. Click on Forget all devices and groups link at the bottom

6. Once that's done, scroll up a little and then click on Discover devices

7. If your Groups are missing, please recreate them

 

Method 2 - Selectively Remove Erroneous Devices

3. Slowly scroll through the list of devices

4. If you don't recognize the device name, click on the Forget link at the right end

 

Again, sincere apologies for the inconvenience.

 

With kind regards,

UDI Sales

 

~WOW!!!

[G W]

So, how is the NOT a security issue? So, how I understand it... UDI can inject devices that weren't discovered into my system through the ISY Skill OR ??

 

Please explain how this vulnerability will be addressed. There were around 15-20 devices on my echo from 12/8.

 

The email I just received:

 

 

ISY Portal / Amazon Echo Discovery Error

Dear ISY Portal Subscriber,

With sincere apologies, during our last performance tune up for ISY Portal / Amazon Echo on 12/08/2016, we introduced a bug which was fixed within an hour. This said - and unfortunately so - during that one hour your Echo performed its automated discovery and discovered devices that belonged to a performance test system.

Although you will not experience any service interruptions and/or performance issues, we do recommend that you follow the instructions below in order to have those test devices removed from your Echo Smart Home profile:

1. Login to https://echo.amazon.com

2. On the left navigation bar, click on Smart Home menu item. On the Right pane:

Method 1 - Remove Everything and Rediscover

3. If you have defined any Groups, please make note of them as you might have to recreate them

4. Scroll all the way down

5. Click on Forget all devices and groups link at the bottom

6. Once that's done, scroll up a little and then click on Discover devices

7. If your Groups are missing, please recreate them

Method 2 - Selectively Remove Erroneous Devices

3. Slowly scroll through the list of devices

4. If you don't recognize the device name, click on the Forget link at the right end

Again, sincere apologies for the inconvenience.

With kind regards,

UDI Sales

~WOW!!!

The answer is in the email you received and posted.

 

I'm Gary Funk and I wrote this message.

[EddieRock]

Actually, they already replied with a better answer... Not sure how they can direct device discovery to another ISY from my Echo but that's scarry....

 

Hi Ed,

I am so very sorry for the inconvenience. Here's what happened :

To test performance, we directed device discovery to a test ISY. I.e from Echo to Portal to ISY (not the other way around). We cannot control anything in your ISY without a token from your Echo which is only created by Echo. Again, this was a test for device discovery form Echo to a low bandwidth ISY and not the reverse. 

 

Ed

[larryllix]

There is no security with any cloud based service, only trust.

[MWareman]

There is no security with any cloud based service, only trust.

This....

 

I'll add to say I *REALLY* trust UDI....

[paulbates]

This was not a security issue, but an incident in cloud software development and maintenance. Its different for the portal than our ISY FW.  

 

With ISY FW, we decide when to upgrade. With cloud, software changes are made in the layer between our ISY and Amazon

• The good news is that a single change is rolled out to everyone at the same time
• The bad news is that a single change is rolled out to everyone at the same time.

Can you access your ISY at all from the Internet? (mobile app, open ports?) If yes, that is a security risk. I've traded off closing router ports with traversing 2 cloud layers (ISY Portal & Amazon). So arguably I've only moved the security risk... a 'no risk' scenario doesn't exist (unless you 'air gap' your ISY from the internet).

 

This kind of thing happens in software development. How incidents are handled, for instance how it was handled by UDI in this case, is what matters.

[Teken]

There is no security with any cloud based service, only trust.

 

Larry pretty much cut down to the bone here.

 

Almost everything a person does in life is based on trust, honor system, and rule of law. I trust my homes voice integrated security with UDI way before I can say the same for Google.

 

To think there are tens of millions of sheep knowingly using Nest TSTAT, Nest Protect, Nest Drop Cam, Google Fiber, Google Home, Google Mail, Google Media, etc.

 

Quite shocking and comical in the same breath - let the games begin! 

[Michel Kohanim]

Hello everyone,

 

Thanks so very much for all the feedback and your trust which we will never ever take for granted. This said, this was a disturbing bug: not that it would have any security implementations but because we didn't catch it. The original reason for this performance test was:

1. Amazon measures response times between Echo invocations (discovery) and service response

2. We have about 1% cases where the response time is more than expected. This used to be higher due to inactive accounts (for which subscribers got emails from us)

3. For holiday, Amazon expects a dramatic increase in the call volumes and thus they wanted to make sure all partners can handle the traffic

4. We tested everything in the portal and concluded that the issue is in Amazon OAuth servers for which we submitted a ticket

 

Again, sincere apologies for the inconvenience and the alarm.

 

With kind regards,

Michel