Jamie P., Tech Times

Your trusted online secretary at-home may not be as trustworthy as you think it is. Amazon's Alexa has recently been told as a new target for hackers' newest scheme. They will pose as Amazon personnel, email a link to the system, and have all the info that Alexa has in-store about you. Yup, hackers can do it. 


Alexa warning: How to make sure you're not being hacked

As reported via Express UK, something is lurking on your dearest Alexa.

Security researchers from Check Point revealed a newly found flaw in the Amazon voice command system. The attack targets all more than 200 million Alexa users on Amazon Echo devices. 

The hacking process is simple: make Alexa talk your personal data to hackers. Researchers said that threat actors input a vulnerability code inside the Echo system. 

To clarify, the hacking won't access your Amazon Echo or Alexa recordings. So, that's safe.

The problem, however, starts when hackers send an email posing as Amazon. When the user clicks the email with a certain link, it will be redirected to allow Alexa's system to talk about your personal data such as home addresses, contact numbers, online accounts, or even bank history details. 

"Our findings show that certain Amazon/Alexa subdomains were vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration and Cross-Site Scripting. Using the XSS, we were able to get the CSRF token and perform actions on the victim's behalf," said Check Point. 

The complete list is as follows: 

  • Access the target's personal information, like banking data history, usernames for online accounts, phone numbers, and home address
  • Extract and listen to voice recordings from previous requests to Alexa
  • Silently install skills onto the target's Alexa account to enable new features
  • View the complete list of Alexa skills already associated with the target's account
  • Silently remove an installed skill to stop it working

Amazon has not yet released a statement on the potential security threat on Alexa users. However, Express UK said that the company already fixed the issues. 

Can your Amazon's Alexa be hacked

Just like other devices, Amazon's Echo is also capable of being hacked by malicious threat actors. 

Last year, Forbes reported that Amazon Alexa could even be hacked within 100 meters, using a laser. 'Light commands' is one of the most common hacking techniques made by actors. 

The light can transmit the same signal coming from the microphones and used it to mimicked the voice with the laser beam. 

"It's just the sort of vulnerability that designers, even those with great threat models, don't think about. It just goes to show that the threat can evolve, and so should your threat model," said Professor Alan Woodward, a security expert from the University of Surrey.

ALSO READ: Scammers Target Alexa Device Customers by Using a Fake Amazon App

This article is owned by Tech Times

Written by Jamie Pancho

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Alexa hacked Amazon hacked Alexa hacker Echo devices
Join the Discussion