Amazon Alexa Could Have Been Hacked to Access Private Data, Voice History

Researchers at cyber-security firm Check Point have detailed a number of critical vulnerabilities in Amazon’s Alexa voice assistant that made it highly vulnerable to hacking. In a report published today, the researchers said that certain Amazon/Alexa subdomains were vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross Site Scripting. “Using the XSS we were able to get the CSRF token and perform actions on the victim’s behalf”, they said in an official blog post.
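The CORS-plus-XSS combination matters because a policy that trusts every subdomain lets script running on any one of them read credentialed responses, such as a page carrying a CSRF token. The following added example (not from Check Point or Amazon) contrasts a suffix-matching origin check with an exact allow-list; the example.com hostnames, the policy functions and the probe list are constructed assumptions, since the article does not describe the actual misconfiguration.

```javascript
// Added example: all hostnames are constructed placeholders, not real endpoints.
const STRICT_ALLOWLIST = new Set([
  "https://app.example.com",
  "https://account.example.com",
]);

// Weak policy: trusts any Origin whose text ends with the parent domain.
function weakPolicy(origin) {
  return typeof origin === "string" && origin.endsWith("example.com");
}

// Hardened policy: parse the Origin, require https, and match the allow-list exactly.
function strictPolicy(origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // "null", empty or malformed Origin header
  }
  return url.protocol === "https:" && url.origin === origin && STRICT_ALLOWLIST.has(origin);
}

// Build the CORS response headers a server would send for a given Origin.
function corsHeaders(origin, policy) {
  if (!policy(origin)) return {}; // no CORS headers: the browser blocks the cross-origin read
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // stop caches serving one origin's headers to another
  };
}

// Audit helper: which probe origins may read credentialed responses under a policy?
function auditPolicy(policy, probes) {
  return probes.filter((o) => "Access-Control-Allow-Origin" in corsHeaders(o, policy));
}

const PROBES = [
  "https://app.example.com",          // intended client
  "https://legacy-promo.example.com", // forgotten subdomain that may carry an XSS bug
  "https://evilexample.com",          // look-alike domain that passes a suffix match
  "http://app.example.com",           // downgraded scheme
  "null",                             // sandboxed iframe or file origin
];

console.log("weak policy allows:  ", auditPolicy(weakPolicy, PROBES));
console.log("strict policy allows:", auditPolicy(strictPolicy, PROBES));
```

Running the same probe list against a production policy in a test suite catches a regression to subdomain-wide or suffix-based trust before it ships.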

According to the researchers, the vulnerabilities could have allowed attackers to silently install or delete Alexa ‘skills’ on a user’s Alexa account without consent. Attackers could also have accessed a list of all installed skills on any compromised Alexa account, they said. Even more worrying, the flaws allowed attackers to gain access to a user’s voice history and personal information.

“In effect, these exploits could have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill”, said the researchers. To successfully break into other people’s Alexa accounts, hackers just needed to get unsuspecting users to click on a specially crafted Amazon link. The researchers also said that they could access the phone numbers, home addresses, usernames and banking information of many users by deploying their proof-of-concept code.

Check Point disclosed the findings to Amazon in June, and fortunately, the e-commerce giant has since patched the vulnerabilities. “We conducted this research to highlight how securing these devices is critical to maintaining users’ privacy”, said Oded Vanunu, Check Point’s Head of Products Vulnerabilities Research. “Thankfully, Amazon responded quickly to our disclosure to close off these vulnerabilities on certain Amazon/Alexa subdomains”, he said.
