With continuous technological innovation, the Internet of Things (IoT) also making extraordinary growth and evolution that makes smart home devices more convenient to use. The development includes an internet-connected system that allows users to be notified through emails or SMS. Moreover, it also includes the use of voice command or voice automation like Alexa.
Alexa is Amazon’s voice service that makes a lot of devices more convenient to use. By using Alexa, users can control their smart home devices through voice command. Alexa provides a lot of advantages to consumers. Such as automation of batteries, filters, and other products smart home device needs. Alexa indeed gives a hassle-free experience.
Its key features include a built-in voice user interface that enables simpler development and adoption for customers; easy end-to-end experiences because it conveniently allows customers to have more control over their devices through their voices; a wide choice of connectivity because Alexa can incorporate your devices in many ways. It really brings convenience!
But there are lots of susceptibilities to Amazon’s Alexa. The needs of the providers of smart home platforms are the main priority like Apple’s HomeKit. It is important to keep security as part of the service.
Why Consider Smart Home?
The idea of a smart home will draw lots of attention. But if the automated helper performs mistakes in doing household jobs and securing your home, it’s gonna be a total mess. Many people are using Amazon’s Alexa for a smart home setup. But susceptibilities have been figured out. The attackers are granted to do tasks and they will know the user’s command to Alexa. This problem has been fixed since then.
According to Check Point Security researchers, lots of Amazon and Alexa subdomains were at risk of Cross-Origin Resource Sharing (CORS) misconfiguration and Cross-Site Scripting (XSS). Through XSS, the attacker will be able to receive a CSRF token. This gives them access to elements of the smart home installation.
According to the report, through an XSS, the attacker will be able to obtain a CSRF token that will give them access to elements of the smart home installation. It’s another warning about the trouble that is coming to the increasing extent of connected Digital Lifestyle and one that also indicates well for those components inside the Foxberry Tematica Research Cybersecurity & Data Privacy Index.
The researchers stated that some of the reasons for this problem are the immediate installation of Alexa skills. Yet the user has no knowledge about it. That leads to getting a list of all installed skills and the voice history of the owner with Alexa. And also their personal data.
This ability of manipulation has the possibility to access even if the version of the current skill that is installed has been changed. An attacker will intrude on unnecessary activities. Or they will get more information from the user. Moreover, the attacker will have a chance to eavesdrop conversations close to an Echo device.
If ever someone is eavesdropping, the users can be alerted through the blue light indicator on the Echo device.
Through the Alexa Privacy Settings page or Alexa app, users will be able to detect and erase their voice history. You can command Alexa to erase what you had just said. Everything you said that day through your voice and all the records will be automatically gone too. In an automated deletion option, the data will be erased when it is already stored for three or eighteen months.
As Alexa keeps on listening to all commands, smart speakers produce perfect bugging devices wherein attackers will be able to pass the security that is placed on the device. Many declared that letting Amazon inside your home was really not a good idea if it’s not strongly secured.
With one click of the Amazon link, the attacker will take advantage of its vulnerabilities.
Amazon Echo
Amazon Echo owners have been warned that voice assistant Alexa can cause hackers to access their personal information, install or remove Alexa Skills (what Amazon calls apps for its smart speaker), or listen to recordings of voice commands. Researchers found a vulnerability within the chatty assistant that can be misused through a malicious link crafted by a cyber crook.
The vulnerabilities to Amazon were revealed in June 2020 by Check Point. Yet this problem was resolved.
According to CheckPoint, Internet of Things devices are prone to attackers. They don’t have strong security that is why they are usually the target. Cybercriminals keep on finding methods of hacking devices. And they make them as a way of infecting some important systems. This research is not enough for the bridge to IoT appliances. The bridge and the devices act as the main points. They should be protected always to stop attackers from hacking your smart home
According to an Amazon spokesperson, the safety of devices is very important to be a focus. That’s why we should be thankful for the Check Point who gives us awareness about this problem. They are trying their best to resolve this problem and to have strong security on the systems. They did not know any circumstances. For example, this vulnerability was experienced by the users, or their information was revealed.
Amazon became the center of attention because of the security and privacy issues of its smart home platform before. In 2019, the employees of Amazon enhance its skill by listening to the audio recordings from Echo devices. After that, researchers succeed in adding spying apps to app stores for Alexa and Google Home. It has the ability that lets eavesdropping and hacking to occur.
On the other side, Apple is always working on improving the security of the HomeKit smart home platform. Just like Apple, the company also working on keeping everything as secure as possible, such as expanded use of encryption. The New HomeKit-compatible device has lots of requirements and restrictions before you can access it. For what happened, it leaves a lesson and brings a more secure platform now.