Check Point has revealed a serious security breach on Amazon


Amazon (unsplash photo)
Security vulnerabilities have been identified by a team of Check Point researchers in Amazon’s voice assistance system, Alexa. Weaknesses allowed access to the history of calls made by users through Alexa and of the voice commands given to it, as well as the ability to remotely activate Alexa and access additional personal information contained in the software. The ability to access Alexa remotely is considered a significant weakness, as this way you can uninstall applications installed on it and install new ones. The security flaws that were discovered were brought to the attention of Amazon, which then took care to fix them.

Alexa, which operates primarily on Amazon’s hardware (including speakers, microphones, watches, glasses and rings – all smart, of course), is the most popular voice assistance service in the world today, with 200 million users. In addition, more than 60% of the smart speakers sold around the world today are from Amazon. According to a previous announcement by the e-commerce giant, the recordings of Alexa users will not be deleted unless the user himself deletes them. As a result, security vulnerabilities created direct access to them.

The way hackers could hack into Alexa was to send a message to the user, impersonating an official Amazon message, with a link that allows the sender to access the software and expose information such as phone numbers, residential addresses and usernames. In fact, all the information Alexa receives as voice commands – including answering the phone, logging in to the bank account, reading meeting diaries and ordering food deliveries – was exposed to hackers.

It should be noted that recently popular platforms and smart devices have become common attack targets in view of the fact that they populate a lot of information that can be used to perform various stings. Late last month, Check Point revealed a similar security vulnerability in the “Okay Cupid” dating platform, which allowed hackers to fish out particularly personal information of users for malicious purposes.

Comments on the article(0):

Your response has been received and will be published subject to system policies.

For a new response

Your response was not sent due to a communication problem, please try again.

Return to comment


Please enter your comment!
Please enter your name here