Amazon’s virtual assistant, Alexa, would have a security vulnerability that would have allowed cybercriminals to delete or install resources in the user’s account, access their search history and their personal dataThis is revealed by an investigation carried out by Check Point Research, a provider specialized in cybersecurity.
Within the study, it was determined that security weaknesses in some Alexa subdomains allowed cybercriminals to create and sending a malicious link to a target user, which allegedly came directly from Amazon. Once the person clicked on this link and interacted with the device by voice, it gave the attacker access to personal information.
Check Point determined that criminals through this method could access history of bank details, user names, phone numbers and home address. At the same time extract the victim’s voice history with Alexa, install or delete applications within the account without being detected and view the entire list of resources of the user’s account.
(You may be interested in: Is your WhatsApp slow? Clearing the cache may be the solution)
–
Criminals through this method could access the history of bank details, user names, telephone numbers and home address
–
––
“We conducted this research to highlight how the security of these devices has become crucial in maintaining user privacy.. Fortunately, Amazon responded quickly to address these vulnerabilities. We hope that manufacturers of similar devices will follow their example and verify that their products do not harbor vulnerabilities that could compromise the privacy of consumers ”, explained Antonio Amador, Country Manager for the North Latin America Region of Check Point.
(Also: Cell phones in which the latest WhatsApp update will not work)
Alexa works on more than 200 million devices and allows you to interact with users through voice, play music, schedule alerts and control smart devices in a home automation system.
How to avoid this type of attack?
To avoid being a victim of this type of attack it is important avoid downloading applications that are not known, think carefully about what information you are sharing with your device, especially the information regarding passwords and banking credentials.
(Read also: Uber threatens to stop operating in California after court ruling)
Also, before downloading a new app, take the time to document yourself about the software you have before installing it and verify what permissions you have.
You may also be interested in:
– TikTok would have bypassed Android rules to keep data
– Five common mistakes when buying online
– The project for Android cell phones to detect earthquakes
TECHNOSPHERE
Twitter: @TecnosferaET
–
