27 C
Jaipur
Thursday, October 29, 2020

Amazon Alexa Could Have Been Hacked to Access Private Data, Voice History

Must read

Call Of Duty Mobile Season 12 Expected Release Date

A few days back, Call of Duty Mobile released the Season 11 update to celebrate the game’s first anniversary. There’s a lot of amazing...

10 Funniest WiFi Names You Could Possibly Think Of

When it comes to naming their WiFi, people tend to go for something simple such as “Bedroom_Wifi” or something more personal such as “Monica’s...

Microsoft Planning Windows 10 UI Overhaul in 2021: Report

Microsoft is reportedly planning to give Windows 10 a UI facelift late next year. According to a new report on Windows Central, the project...

Researchers at cyber-security firm, Check Point, have detailed multiple critical vulnerabilities in Amazon’s Alexa voice assistant, making it highly susceptible to hacking. In a report published today, the researchers said that certain Amazon/Alexa subdomains were vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross Site Scripting. “Using the XSS we were able to get the CSRF token and perform actions on the victim’s behalf”, they said in an official blog post.

According to the researchers, the vulnerabilities could have allowed attackers to silently install or delete Alexa ‘skills’ on an user’s Alexa account without consent. Hackers could have also accessed a list of all installed skills on any compromised Alexa account, they said. What’s even more worrying is that the flaws allowed attackers to gain access to an user’s voice history and personal information.

“In effect, these exploits could have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill”, said the researchers. To successfully break into other people’s Alexa accounts, hackers just needed to get unsuspecting users to click on a specially-crafted Amazon link. The researchers also said that they could access the phone numbers, home addresses, usernames and banking data of many users by deploying their proof-of-concept code.

Check Point disclosed the findings to Amazon in June, and thankfully, the e-commerce giant has since patched the vulnerabilities. “We conducted this research to highlight how securing these devices is critical to maintaining users’ privacy”, said Oded Vanunu, Check Point’s Head of Products Vulnerabilities Research. “Thankfully, Amazon responded quickly to our disclosure to close off these vulnerabilities on certain Amazon/Alexa subdomains”, he said.

Featured Image Courtesy: Check Point

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Call Of Duty Mobile Season 12 Expected Release Date

A few days back, Call of Duty Mobile released the Season 11 update to celebrate the game’s first anniversary. There’s a lot of amazing...

10 Funniest WiFi Names You Could Possibly Think Of

When it comes to naming their WiFi, people tend to go for something simple such as “Bedroom_Wifi” or something more personal such as “Monica’s...

Microsoft Planning Windows 10 UI Overhaul in 2021: Report

Microsoft is reportedly planning to give Windows 10 a UI facelift late next year. According to a new report on Windows Central, the project...