Amazon’s virtual assistant, Alexa, would have a security vulnerability that would have allowed cybercriminals to delete or install resources in the user’s account, access their search history and their personal dataThis is revealed by an investigation carried out by Check Point Research, a provider specialized in cybersecurity.
Within the study, it was determined that security weaknesses in some Alexa subdomains allowed cybercriminals to create and sending a malicious link to a target user, which allegedly came directly from Amazon. Once the person clicked on this link and interacted with the device by voice, it gave the attacker access to personal information.
Check Point determined that criminals through this method could access history of bank details, user names, phone numbers and home address. At the same time extract the victim’s voice history with Alexa, install or delete applications within the account without being detected and view the entire list of resources of the user’s account.
(You may be interested in: Is your WhatsApp slow? Clearing the cache may be the solution)