Amazon Alexa found to be vulnerable to malicious attackers
Alexa Skills flaw could have provided hackers with user's private data
Amazon says it has patched the vulnerability
#IBMCodePatterns, a developer’s best friend.
#IBMCodePatterns provide complete solutions to problems that developers face every day. They leverage multiple technologies, products, or services to solve issues across multiple industries.
Click here to know moreAdvertisements
Amazon Alexa devices were discovered to be vulnerable to an attack by hackers that would have given them access to your voice history, personal data and Alexa account. The vulnerability was demonstrated by Check Point Research in a report where it can be seen that a bad actor can use this flaw to access the victim’s personal information, voice history with Alexa and other private details.
Amazon’s Alexa devices include smart speakers, smart displays and other home automation products. Alexa skills are installed to extend the voice assistant’s capability to control more devices by voice commands. Amazon sold over 200 million Alexa-powered devices last year which makes it one of the more common IoT products that people buy.
The researchers at Check Point Software Technologies found that some Amazon subdomains could have been exploited by hackers to send a malicious link to users. These links seem to be genuine and users could mistake it for an official Amazon tracking link but it redirects to a malicious page which raises a request to get into your Alexa account and access your private information.
“We conducted this research to highlight how securing these devices is critical to maintaining users’ privacy. Thankfully, Amazon responded quickly to our disclosure to close off these vulnerabilities on certain Amazon/Alexa subdomains. We hope manufacturers of similar devices will follow Amazon’s example and check their products for vulnerabilities that could compromise users’ privacy,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point.
Amazon did take stock of the situation almost immediately and has seemingly fixed the vulnerability. While the researchers have suggested that hackers could have easily gained access into user’s private information, collecting bank account details but Amazon refutes this claim stating that all bank details are redacted from Alexa’s responses.
In a statement to Wired, Amazon said that “The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us. We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed."
This isn’t the first time a flaw has been discovered in smart devices as both Amazon and Google have often been demonstrated to be vulnerable to hackers. Having said that, we recommended our readers to be vigilant of smart devices and use the physical microphone disable button occasionally.
Popular Mobile PhonesView All
Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.
We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.