Vulnerability leaking voice input history and personal information is reported to Amazon Alexa



Amazon's worldwide shipment of more than 200 million units, the smart assistant ``

Amazon Alexa '' installed in devices such as Amazon Echo is vulnerable to leakage of user's personal information and voice input history, 2020 Security company Check Point Research reports on Thursday, August 13th.

Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon's Alexa-Check Point Research
https://research.checkpoint.com/2020/amazons-alexa-hacked/

In one click: Amazon Alexa could be exploited for theft of voice history, PII, skill tampering | ZDNet
https://www.zdnet.com/article/in-one-click-amazon-alexa-could-be-exploited-for-theft-of-voice-history-pii-skill-tampering/

Check Point Research commented on Amazon Alexa's security issue, 'By letting the user click a malicious link, an attacker can exploit the vulnerability in Amazon Alexa.' For example, users who access phishing links on malicious emails or websites may be at risk of stealing Amazon-related cookies.

An attacker could also use a cookie to get a list of Alexa skills installed in a user's Amazon Alexa account, or force a cross-site scripting (XSS) attack to install or uninstall Alexa skills. Is also possible. Furthermore, if a user executes a malicious skill forcedly installed by an attacker, the attacker may steal personal information such as voice input history and phone number, home address, user name, bank account, etc. Check Point Research points out.



According to a Check Point Research study, there are two sources of security issues in Amazon Alexa, one is misconfiguration of resource sharing (CORS) between origins , and the other is an Amazon Alexa subdomain susceptible to XSS attacks. ... apparently ...

Alexa has previously been reported to have security vulnerabilities that record user conversations arbitrarily and send the conversation data to an unrelated third party.

Alexa arbitrarily sends conversation data recorded to a third party who is not related at all-GIGAZINE


By BestAI Assistant

In addition, Check Point Research has already reported the vulnerability of Amazon Alexa to Amazon as of June 2020, and the security issue of Amazon Alexa has been fixed at the time of writing the article. 'A device security is a top priority, and we thank Check Point Research for reporting a potential issue. The issue with Amazon Alexa has already been resolved and the system has been We are working on strengthening it, and there are no cases in which this vulnerability in Amazon Alexa has been exploited or user information has been leaked.”

Related Posts:

in Security, Posted by darkhorse_log