Alexa can be a bit of a blabbermouth sometimes.
It’s pretty well-understood by now that using IoT tech like an Amazon Echo carries with it certain risks. To use a device with Alexa compatibility is to give it access to private information, including addresses, banking info, and account passwords. Amazon has done a pretty good job of keeping things ship-shape, but no algorithm is perfect, and whenever there’s an imperfection, unsavory sorts worm they way in.
According to a report released yesterday by security firm Check Point, devices that utilized Amazon’s Alexa assistant were at risk of having their device hijacked by hackers until recently. As the report lays it out, a hypothetical hacker would first generate a malicious link disguised as a simple Amazon link and send it out to their potential victims. If someone were to click on this malicious link, the hacker would gain access to an associated Alexa’s list of “skills,” or the various phrases that Alexa recognizes and responds to. The hacker could then delete a common phrase and action combo and replace it with an attack app that siphons information. The next time the victim attempts to activate that particular function in Alexa, the hacker’s attack app would be activated instead and begin stealing data. In addition to accessing Alexa’s skills, the hacker would also gain access to Alexa’s command log, which records anything the user has said, which could contain sensitive information.
Thankfully, this flaw has already been dealt with. Check Point reported its existence to Amazon back in June, and it was swiftly patched.
“The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us,” an Amazon spokesperson told The Hill. “We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed.”
Though the danger has passed, experts are still warning smart device users to be vigilant and careful with how they handle their data. As technology evolves, hacking evolves along with it, so make sure you’re on top of the latest fixes and patches.