Check Point: Serious security vulnerabilities in Amazon’s assistant


The Israeli cyber security company Check Point reveals serious security vulnerabilities in Alexa. Weaknesses made it possible to remotely run existing applications on the software, install applications without the victim’s knowledge, and gain direct access to the information contained therein.

Security breach in Amazon’s Alexa (Check Point)

“Digital devices have become an integral part of our lives, and sometimes we do not feel how much they store sensitive information about us. Hackers are constantly looking for access to such information, spying on people and performing actions that would profit hackers without the victims’ knowledge,” said Oded Vanunu, head of the vulnerability department. Products at Check Point.

Serious security vulnerabilities in Amazon’s virtual assistant (Photo: AP)

To exploit these vulnerabilities, a hacker could send a message with a malicious link to the victim in a way that appears to have been sent from Amazon. By clicking on the link, hackers could achieve the following capabilities – all without the victim’s knowledge. Access to the personal information found on the software, including transaction history (banking and other), username, phones and residential address, access to voice commands performed through the software, installation of new applications on the software, removal of applications from the software.

Alexa is considered one of the most popular virtual assistants in the world, with over 200 million users worldwide, including in Israel. Alexa is capable of producing a very wide range of operations digitally – from remote operation of operations at home or office, to operations in the bank account or other sites. Alexa users can choose for themselves which options and applications to perform through it through voice activation. In this context, Alexa contains a lot of personal information about its users – which makes it a quality target for hackers.


Please enter your comment!
Please enter your name here