US giant Amazon has fixed a significant vulnerability in its flagship voice assistant Alexa allowing unauthorized access to users’ personal information, a cybersecurity company said Thursday.
“We are not aware of any case of use of this vulnerability against our customers or of exposure of information about customers,” an Amazon spokesperson told AFP, who said he had corrected the problem soon after it is reported.
“We have no information allowing us to know if this specific flaw was used” by hackers, explained Oded Vanunu, head of research on product vulnerabilities at Check Point, interviewed by AFP.
“Alexa has been on our minds for quite some time now, given its ubiquity and connection to other IoT devices. It is these digital mega-platforms that can do us the most harm,” he said. he warned.
In a statement, Check Point Research researchers claim to have “identified vulnerabilities in certain Amazon / Alexa subdomains that could allow a hacker to remove / install skills on the targeted victim’s Alexa account, access their history of voice exchanges and personal data “(history of bank data, telephone numbers and home address).
An Alexa “skill” is a voice application added to the original functionality of the assistant. They have access to users’ personal data and allow interaction with other connected objects (lights, doors, shutters, etc.).
“We are not aware of any case of use of this vulnerability against our customers or of exposure of information on customers,” an Amazon spokesperson told AFP, who said he had corrected the problem soon after it was reported. “We have no information on whether this specific vulnerability was used” by hackers, said Oded Vanunu, product vulnerability research manager at Check Point, when interviewed by the company. ‘AFP. “Alexa has been worrying us for some time now, given its ubiquity and connection to other IoT devices. It is these digital mega-platforms that can do us the most harm,” he said. He warned. In a press release, Check Point Research researchers claim to have “identified vulnerabilities in certain Amazon / Alexa subdomains that could allow a hacker to remove / install skills on the Alexa account of the victim targeted, to access their voice exchange history and personal data “(history of bank data, telephone numbers and home address). An Alexa” skill “is a voice application added to the original functionalities of the ‘assistant. They have access to users’ personal data and allow interaction with other connected objects (lights, doors, shutters, etc.).
–
