According to newly reported findings from Check Point researchers, Amazon Alexa may have incidentally exposed users to hacks from bad actors. More pertinently, that includes details users wouldn’t want malicious entities to have access too. That’s because any attacker would have effectively had access to the users’ entire voice history.
That’s based on vulnerabilities that would have allowed attackers to target users with fairly standard, but maliciously encoded links. Specifically, those would have been Amazon package tracking links.
With those links, if clicked by the end-user, the attacker could have used Amazon and Alexa subdomains to redirect users. In effect, they’d be directed to a legitimate-looking page with bad code. The code could then be used to send a request to the Alexa Skills store, allowing bad actors to delete and install skills, as well as accessing voice history.
The response from Amazon seems to indicate that all is well
Now, Amazon has responded with statements regarding the newly discovered potential Alexa hacks. And the news appears to be good.
Not only are bank details redacted in Alexa’s responses, making uncovering the specifics incredibly difficult. But the company also has found no evidence that the vulnerabilities were ever used against customers. There isn’t any indication that any details gathered through the use of the vulnerabilities were leaked out anywhere either. And, of course, the company has already patched the offending code.
That means that this time at least, the underlying issues shouldn’t crop up to cause problems for users down the line.
The company also indicates, as always, that security is a ‘top priority’ for its devices. And called out Check Point researchers with a note of appreciation for assisting Amazon in recognizing problem areas before they become a problem.
You should still be careful smart home devices, including Alexa
This latest set of vulnerabilities isn’t the first time Amazon has been called out over how its Alexa AI captures audio. Or about the potential for leaks and hacks. It’s certainly not the first time any smart home system has been found to be insecure either. In fact, reports on the matter do seem to be occurring with increasing frequency. So users should be cautious about how they interact with and around the IoT devices.