Wednesday, September 30, 2020
News

Security bugs discovered in Amazon Alexa, fixed now

   SocialTwist Tell-a-Friend    Print this Page   COMMENT

New Delhi | Thursday, 2020 9:45:06 PM IST
Researchers with cybersecurity firm Check Point Software Technologies on Thursday said they recently identified security vulnerabilities in certain Amazon Alexa subdomains that would have allowed a hacker to remove or install skills on the targeted victims Alexa account, access their voice history and personal data.

The attack required a single click by the user on a malicious link crafted by the hacker and voice interaction by the victim.

Amazon fixed the issue soon after it was reported, said Check Point Research, the threat intelligence arm of the company.

"Smart speakers and virtual assistants are so commonplace that it's easy to overlook just how much personal data they hold, and their role in controlling other smart devices in our homes," Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, said in a statement.

"But hackers see them as entry points into peoples' lives, giving them the opportunity to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware."

With over 200 million sold globally, Alexa is capable of voice interaction, setting alerts, music playback, and controlling smart devices in a home automation system.

Users can extend Alexa's capabilities by installing "skills." which are voice-driven apps.

However, the personal information stored in users' Alexa accounts and the device's use as a home automation controller makes them an attractive target for hackers.

Check Point researchers demonstrated how the vulnerabilities they found in certain Amazon/Alexa subdomains could be exploited by a hacker crafting and sending a malicious link to a target user, which appears to come from Amazon.

If the user clicks the link, the attacker can then access a victim's personal information, such as banking data history, usernames, phone numbers and home address, among other things.

"We conducted this research to highlight how securing these devices is critical to maintaining users' privacy. Thankfully, Amazon responded quickly to our disclosure to close off these vulnerabilities on certain Amazon/Alexa subdomains," Vanunu said.

"We hope manufacturers of similar devices will follow Amazon's example and check their products for vulnerabilities that could compromise users' privacy."

--IANS gb/na

( 358 Words)

2020-08-13-15:51:56 (IANS)

 
  LATEST COMMENTS (0)
POST YOUR COMMENT
Comments Not Available
 
POST YOUR COMMENT
 
 
TRENDING TOPICS
 
 
CITY NEWS
MORE CITIES
 
 
 
MORE SCIENCE NEWS
OnePlus 8T to come with OxygenOS 11 out ...
Google Meet to give unlimited calls in f...
Titan's lakes can stratify like those on...
Amazon introduces new way to make people...
Facebook simplifies cross-posting across...
Microsoft Bing wins key slots in Google'...
More...
 
INDIA WORLD ASIA
'Soviet disinformation in Indian newspap...
Karnataka heads for 2 key Assembly bypol...
Can't voluminous matters be heard throug...
BJP President's tips for graduating stud...
Lucknow gears up for Babri demolition ve...
BJP will do well in upcoming Assembly by...
More...    
 
 Top Stories
Markets open on a positive note Wed... 
Google Meet to give unlimited calls... 
Hathras victim cremated amid tight ... 
Will you shut up, man: Personal att... 
Djokovic, Pliskova advance to secon... 
Amid corona, patients with seasonal... 
Hathras gang rape victim cremated a... 
Facebook simplifies cross-posting a...