Geeks for your information News Privacy & Security News v
Amazon Alexa flaw that could expose personal information and speech histories found
Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Amazon Alexa flaw that could expose personal information and speech histories found
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,067 in 3,839 posts
Thanks Given: 6,263
Joined: 12 September 18
#1
Information  14 August 20, 11:53
Quote:Security researchers have identified an exploit in Amazon’s Alexa voice platform. When exploited, Check Point Research says that the flaw could have given attackers access to users’ personal information. These include users’ Amazon account details as well as speech histories.
 
The researchers identified the vulnerability while conducting tests with the Alexa smartphone app. They used a script to bypass the mechanism implemented for protecting the app's traffic, which allowed them to view it in clear text. They found that several requests made by the app had a misconfigured policy, which could be potentially bypassed to send requests from a domain controlled by a malicious party.
 
In the real world, a bad actor would have been able to convince an unsuspecting user to click on a malicious link to Amazon that actually holds code-injection capabilities. Once clicked, the attacker would be able to get hold of the users’ list of apps and skills installed on Alexa. They would also be able to remotely install and enable new skills for the victim. More serious attackers could also get hold of users’ speech histories as well as personal information from their Alexa account.
 
Oded Vanunu, Head of Products Vulnerabilities Research at Check Point is quoted as saying in a press release:
Quote:Smart speakers and virtual assistants are so commonplace that it’s easy to overlook just how much personal data they hold, and their role in controlling other smart devices in our homes. But hackers see them as entry points into peoples’ lives, giving them the opportunity to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware.
Vanunu adds that the research firm highlighted the flaw to Amazon back in June, and it responded by fixing it. “We conducted this research to highlight how securing these devices is critical to maintaining users’ privacy. Thankfully, Amazon responded quickly to our disclosure to close off these vulnerabilities on certain Amazon/Alexa subdomains,” he said.

Source: https://www.neowin.net/news/amazon-alexa...ries-found
[-] The following 2 users say Thank You to silversurfer for this post:
  • dhruv2193, harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Malwarebytes 5.1.3.110
Malwarebytes 5.1.3...Mohammad.Poorya — 00:51
Music Videos
Billy Joel - The Riv...jAcos — 17:24
Movies! Movies!
Beverly Hills Cop: A...jAcos — 17:22
TV Series
Matlock Kathy Bat...jAcos — 17:16
F-Secure 19.4
What's new in the ...harlan4096 — 09:44

[-]
Birthdays
Today's Birthdays
avatar (42)techlignub
avatar (41)Stevenmam
avatar (48)onlinbah
Upcoming Birthdays
avatar (43)wapedDow
avatar (49)steakelask
avatar (43)Termoplenka
avatar (41)bycoPaist
avatar (47)pieloKat
avatar (41)ilyagNeexy
avatar (49)donitascene
avatar (49)Toligo

[-]
Online Staff
There are no staff members currently online.

>