Amazon’s Alexa could not be as reliable as you think it is right now because it’s the new target of hackers. They tend to pretend as employees of Amazon and send an email to the system. Then gather all the information that Alexa contains about the owner. Don’t underestimate the hackers. They really have the ability to do that. Issues of the hacked Amazon accounts are currently growing.
Emails being hacked, identity being imitated, and online credit card fraud is truly devastating. You’re lucky if you didn’t experience these kinds of problems but don’t be too confident about your luck. We never know what happens next. Securing your online identity and activities are very important to be on your priority list.
Here’s The Awareness To Prevent Your Alexa From Being Hacked
According to the security researchers from Check Point, there’s a problem in the Amazon voice command system. There are over 200 million Alexa users on Amazon Echo devices that are a target by the hackers.
Hackers can easily hack the system by making Alexa talk about your personal information to them. Researchers stated that hackers also insert a vulnerability code within the Echo system. Once the owner can use this vulnerable code, it will totally harm them.
To be clear, your Amazon Echo or Alexa recordings are secured because hackers can’t enter in it.
The trouble only begins when hackers start to send you an email pretending to be Amazon. Once you click the email with a particular link, Alexa’s system will immediately expose your personal information. It includes contact numbers, home addresses, online accounts, and bank history details are also included. With just one click on the malicious link on your Alexa account, hackers can really hear all that you’ve ever said to your Amazon Alexa device.
Hackers Can Make Malicious Links Through the Flaws in Amazon and Alexa’s Subdomains.
When the link is clicked, it will lead the victim to a page that contains malicious code. Then the hacker sending a special request to Alexa’s skills store and making it believe that the owner wants to access it. Once the hacker is in, they will begin deleting or installing skills, and invading the victim’s Alexa voice history.
If you’re a victim of hacking, everything that the hackers heard from your Alexa device will become their property too.
As stated in the blog post of Check Point researchers, Amazon won’t store your banking login references yet your communications are recorded. Since there’s access to the chat history, the victim’s communication with the bank and their data history can also be accessible.
Amazon denied that any banking information was revealed to hackers. This company told Wired that all banking data is edited in Alexa’s responses.
Besides, the vulnerabilities will let a hacker split the commonly used skill. They can change it with a malicious skill on the targeted victim’s Alexa account.
Check Point determined that a particular Amazon/Alexa subdomain is unsafe against the Cross-Origin Resource Sharing (CORS) misconfiguration and Cross-Site Scripting. They also stated that they are using XSS to get the CSRF token and fix this problem.
The Whole List is Shown Below:
- Invade the victim’s personal data. This includes the banking data history, usernames for online accounts, contact numbers, and home addresses.
- Deriving and listening to the recent voice recordings of requests to Alexa
- Secretly sets up skills on the victim’s Alexa account to allow new features
- Can fully see all the list of Alexa skills that are already connected to the victim’s account
- Secretly gets all the installed skill to prevent it from functioning
Amazon didn’t announce anything yet about the possible security threat on the Alexa users. Yet the Express UK stated that they already solve these problems.
Is your Amazon’s Alexa really prone to hackers?
Amazon’s Echo is also prone to hackers just the same as the other devices.
Forbes announced last year that Amazon Alexa is prone to hackers. Hackers can hack with just 100 meters away with the help of a laser. Most hackers are using a hacking technique called ‘Light commands’.
The light can send the same signal from the microphones and it’s a way to imitate the voice through the laser beam.
According to Professor Alan Woodward, a security expert from the University of Surrey, it’s only a kind of vulnerability wherein the creator or even the skillful hackers are not paying attention to it. This problem has the possibility to expand more and also hackers.
About Alexa vulnerabilities, Android Authority stated that the protection of their devices is their main priority. They are also thankful to the independent researchers such as Check Point for bringing possible issues to them. They are already working on solving this issue as soon as it is brought to them. They continue to strengthen their systems.
The good news is that Amazon already fixes this problem. But there’s a possibility that hackers already exploit them before they are caught. It’s hard to determine how many users have been hacked or how many personal pieces of information are being exposed.
This incident is an awareness that you should be careful when using smart devices. Voice assistants are known for being prone to malicious actors. Last year, researchers succeeded in tricking the Alexa and Google Assistant by eavesdropping on users and hacking for their passwords. Hackers were also found that they can take control of Alexa, Siri, and Google Assistant smart speakers through laser beams.
Of course, you have to be extra careful about what you say to your voice assistants and smart speakers. Most smart devices have a kill switch to prevent hackers from eavesdropping to conversations. That switch is very helpful for you. It is also recommended to always erase your conversations with Alexa and other digital assistants so that these kinds of hacks won’t affect you.
Also, be extra cautious about the links that you will click. Always change your passwords, and limit personal interactions with all smart devices.