Like other types of devices, connected speakers may have flaws. And the results of recent research published by Check Point are here to remind us. Indeed, as reported by Wired magazine, it discovered a flaw in Alexa that could have allowed hackers to steal data such as the history of interactions with the assistant, but also personal profile information. , such as the address or the “skills” and applications used.
The good news is that this flaw has already been fixed by Amazon. “The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who reveals potential problems to us.”, said an Amazon spokesperson quoted by Wired.
“We fixed this issue shortly after it was brought to our attention, and we continue to strengthen our systems. We are not aware of any cases of use of this vulnerability against our customers or disclosure of customer information ”, we also read in the press release.
A flaw which, a priori, has not been exploited
In other words, there is no evidence that hackers have ever taken advantage of this flaw. On the other hand, Check Point suggests that such an attack would probably have been very complicated. However, this discovery is a reminder that digital assistants can also have flaws.
Oded Vanunu, Product Vulnerability Research Manager at Check Point, explains that people are usually less suspicious of attacks on connected assistants. In essence, to exploit this flaw discovered on Alexa, an attacker would have had to first invite the target to click on a malicious link, then deceive the platform so that it confuses the hacker with the legitimate user.
Recently we also touched on the discovery a flaw on Twitter that could have allowed access to the private messages of certain users of the Android version of the application.
–
