It’s not uncommon for security flaws to slip through in today’s devices. Unfortunately, these flaws allow hackers to potentially steal information from users. In this case, there was a security flaw with Amazon’s Alexa personal assistant that could have let hackers listen to your conversations.
Security firm Check Point has revealed that Amazon’s Alexa Web services had a bug allowing hackers to listen to the user’s entire voice history. That includes any interactions you’ve had with the unit. Oded Vanunu, Check Point’s Head of Product Vulnerability Research, explains that virtual assistance is something that we really only think about talking to and getting an answer from but don’t expect a malicious attacker coming in and gathering our information.
Virtual assistants are something that you just talk to and answer, and usually you don’t have in your mind some kind of malicious scenarios or concerns. But we found a chain of vulnerabilities in Alexa’s infrastructure configuration that eventually allows a malicious attacker to gather information about users and even install new skills.
An Amazon spokesperson commented to Wired about the security flaw stating:
The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us. We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed.
Even with the vulnerability patched, user information such as home address and some “skills” or apps they have linked could have been exposed. To prevent cases such as these, it’s best to delete your recorded history to at least lowering the chances of hackers viewing any of your private information.
It’s unfortunate that things like this can happen but what are your thoughts about Alexa having a security flaw that could have let hackers listen to your conversations? Let us know in the comments below or on Twitter, or Facebook. You can also comment on our MeWe page by joining the MeWe social network.