Amazon Alexa Vulnerabilities Patched
Amazon leads the marketplace with its smart speakers powered by Alexa. In 2019, they controlled 70% of the marketplace with their virtual assistant. Homeowners are using Amazon smart speakers to connect to lights, thermostats, and security cameras at an exponential rate. It’s no surprise then why hackers would want to take advantage of this growing market.
Last week, the IT research firm Check Point released details of vulnerabilities they found in the Alexa software. Alexa has the ability to install “skills,” basically third party applications to enable features the smart speaker does not perform natively. Check Point found these skills applications could be used maliciously to view user’s voice history and personal information.
“Smart speakers and virtual assistants are so commonplace that it’s easy to overlook just how much personal data they hold, and their role in controlling other smart devices in our homes. But hackers see them as entry points into peoples’ lives, giving them the opportunity to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware,” said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point.
Amazon is very interested in getting these smart speakers into consumers’ homes. For a period of time they were offering an Echo Dot for 99 cents with the purchase of one month of Amazon music. They have also offered free smart speakers with the purchase of Ring cameras, and other smart home devices. The vulnerability was pointed out to Amazon earlier in the summer, and they say it was patched in June. Check Point only released the details late last week. It sounds like this research has prompted Amazon to pay more attention to securing these devices, but any new piece of third party software introduces a vulnerability. We have seen issues recently with Chrome browser extensions. Any avenue a hacker can use to install an add-on, or a third party extension, they will use it take advantage of consumers.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.