A dangerous vulnerability has been found in Amazon's voice assistant Alexa, which allows hackers to gain control over the system and, as a result, to personal data about its owner. Considering hundreds of millions of Alexa-based devices around the world, this problem is massive, security experts are sure.
A number of vulnerabilities have been discovered in Amazon's popular voice assistant Alexa, which could potentially be exploited by cybercriminals to gain access to confidential information. This is stated in a study by the information security company Check Point.
вЂњAt the end of 2019, more than 200 million devices with Alexa voice assistants were sold worldwide.
This technology is capable of voice interaction, can set alerts, play music, and control smart home devices.
Users can expand the capabilities of Alexa by installing additional features in the form of voice applications. However, personal data stored in user accounts, as well as access to the smart home system, make the Alexa application an attractive target for hackers, вЂќ says Check Point.
Researchers have discovered vulnerabilities in several Alexa subdomains that allow cybercriminals to send a malicious link to the device owner.
If the user clicked on the link, the hackers gained access to the victim's personal data, including banking history, phone numbers, and home address.
вЂњSmart speakers and virtual assistants seem so unremarkable that, at times, we lose sight of their role in managing a smart home, as well as how much personal data they store. For this reason, hackers view such applications as entry points into people's lives, through which they can gain access to personal data, eavesdrop on conversations and perform other malicious actions without the user's knowledge.
The purpose of our research is to highlight the need to ensure the security of devices like Alexa.
Fortunately, Amazon specialists quickly fixed vulnerabilities in the Amazon / Alexa subdomains. We hope that manufacturers of such devices will follow Amazon's lead and test their products for vulnerabilities that could potentially compromise user privacy, вЂќ said Oded Vanunu, head of vulnerability research at Check Point Software Technologies.
Last fall, a group of researchers from the Tokyo University of Electrical Communications and the University of Michigan discovered a technical vulnerability in smart speakers based on voice assistants.
It turns out that some popular microphones perceive the bright light of a laser pointer as sound.
The list of devices that can be tricked in this way includes the speaker's Google Home, Amazon Echo, Apple HomePod, and Portal, which are controlled by Assistant, Alexa, and Siri. The researchers only had to point a laser pointer at them to give them commands with the help of light вЂ” the speakers interpreted it as a standard voice command.
It was reported that in this way it was possible to open the front door, which is locked by a smart device, make a purchase on the Internet at someone else's expense, or even gain access to a Tesla car. At the same time, the attacker needed only about $400 to carry out the attack вЂ” for the pointer itself, the sound amplifier and the laser driver to increase the beam power.