By Jim Donovan

PHILADELPHIA (CBS) — You can ask it to play you a song, maybe even tell you a joke, but could your Amazon Echo be eavesdropping on you?

“For a couple seconds we didn’t say anything, so we were just listening to her talk and the TV in the background,” said Cameron McKay.

McKay is talking about the time he and his son remotely “dropped in” on his girlfriend’s house–miles away.

Thanks to the Amazon Echo and its “drop in” feature, the two could hear what was happening in her home and it took her by surprise.

“Drop in” allows for instant communication between Echo devices.  No need to call, you just “drop in”.

A little beep and a green-lighted rim around the top of the device is the only way to be alerted that someone is “dropping” in.

“You could be sitting and reading a newspaper, or watching the TV, or looking the other way and you might not notice or hear,” said Hemu Nigam, who is a tech security expert and runs an advisory firm for online safety.

Nigam cautions, like all internet devices, Alexa is susceptible to hackers.

“If a hacker takes control of your device, they can, in essence, do anything you can do,” he said.

Anything–including dropping in on your family and friends.

When you log into your Alexa app anyone in your phone’s contact list will show up if they have an Echo.

In the case of Cameron’s girlfriend, her Echo was set up as part of his household, meaning the devices were already linked.  She never had to accept a request, and he could just “drop in.”

Amazon defends the drop in feature from cybersecurity critics, pointing out that the “drop in” is automatically disabled on your Echo until you turn it on.  At any given time, users can mute “drop in” by asking Alexa to turn on “do not disturb” and that both parties must consent to using drop in.

As for the potential for Echo to be hacked, Amazon says they limit the information they disclose about specific security measures they take but say they have taken measures to make echo secure.