A group of researchers from Check Point discovered a vulnerability in Alexa speakers. With its help, attackers
The vulnerability was found in the Alexa companion application. Using a well-known generic script to bypass the mechanism, the researchers were able to look at the application's traffic. There they found several bugs in the Alexa web services - using them, you can access data.
To exploit this vulnerability,An attacker only needs to send a link to the user that leads to track.amazon.com, use a cookie to replace ownership of the application, and install malicious code. This allows an attacker to gain full full access to the assistant and Amazon account.
Voice assistants: what you need to know about program vulnerabilities?
Researchers warn that voicehelpers are easier to hack than conventional devices. In order to prevent hackers from gaining access to the search history, it is important to delete it. In the Alexa columns, the user just needs to say, "Alexa, delete everything I said today." You can do the same in the Alexa companion app by going to your privacy settings.
“Smart speakers and virtual assistants seemso unremarkable that we sometimes lose sight of their role in managing a smart home, as well as how much personal data they store. For this reason, hackers view such applications as entry points into people’s lives, through which they can gain access to personal data, eavesdrop on conversations and perform other malicious actions without the user’s knowledge,” Check Point noted.
Read also
- Created a way to eradicate parasites by blocking all pathways of their metabolism
- After the introduction of the Russian vaccine, 144 side effects were found in volunteers
- Published the first Starlink internet speed tests