Skip to main content

An Alexa Bug Could Have Exposed Your Voice History to Hackers

posted onAugust 13, 2020
by l33tdawg
Wired
Credit: Wired

Smart-assistant devices have had their share of privacy missteps, but they're generally considered safe enough for most people. New research into vulnerabilities in Amazon's Alexa platform, though, highlights the importance of thinking about the personal data your smart assistant stores about you—and minimizing it as much as you can.

Findings published on Thursday by the security firm Check Point reveal that Alexa's web services had bugs that a hacker could have exploited to grab a target's entire voice history, meaning their recorded audio interactions with Alexa. Amazon has patched the flaws, but the vulnerability could have also yielded profile information, including home address, as well as all of the "skills," or apps, the user had added for Alexa. An attacker could have even deleted an existing skill and installed a malicious one to grab more data after the initial attack.

"Virtual assistants are something that you just talk to and answer, and usually you don’t have in your mind some kind of malicious scenarios or concerns," says Oded Vanunu, Check Point's head of product vulnerability research. "But we found a chain of vulnerabilities in Alexa's infrastructure configuration that eventually allows a malicious attacker to gather information about users and even install new skills."

Source

Tags

Privacy

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th