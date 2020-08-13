Your trusted online secretary at-home may not be as trustworthy as you think it is. Amazon’s Alexa has recently been told as a new target for hackers’ newest scheme. They will pose as Amazon personnel, email a link to the system, and have all the info that Alexa has in-store about you. Yup, hackers can do it.





As reported via Express UK, something is lurking on your dearest Alexa.

Security researchers from Check Point revealed a newly found flaw in the Amazon voice command system. The attack targets all more than 200 million Alexa users on Amazon Echo devices.

The hacking process is simple: make Alexa talk your personal data to hackers. Researchers said that threat actors input a vulnerability code inside the Echo system.

To clarify, the hacking won’t access your Amazon Echo or Alexa recordings. So, that’s safe.

The problem, however, starts when hackers send an email posing as Amazon. When the user clicks the email with a certain link, it will be redirected to allow Alexa’s system to talk about your personal data such as home addresses, contact numbers, online accounts, or even bank history details.

“Our findings show that certain Amazon/Alexa subdomains were vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross-Site Scripting. Using the XSS, we were able to get the CSRF token and perform actions on the victim’s behalf,” said Check Point.

Amazon has not yet released a statement on the potential security threat on Alexa users. However, Express UK said that the company already fixed the issues.

Can your Amazon’s Alexa be hacked

Just like other devices, Amazon’s Echo is also capable of being hacked by malicious threat actors.

Last year, Forbes reported that Amazon Alexa could even be hacked within 100 meters, using a laser. ‘Light commands’ is one of the most common hacking techniques made by actors.

The light can transmit the same signal coming from the microphones and used it to mimicked the voice with the laser beam.

“It’s just the sort of vulnerability that designers, even those with great threat models, don’t think about. It just goes to show that the threat can evolve, and so should your threat model,” said Professor Alan Woodward, a security expert from the University of Surrey.

