Amazon Alexa bug could have exposed your voice history to hackers | HT Tech

Amazon Alexa bug could have exposed your voice history to hackers

The good news is that Amazon fixed the bug as soon as it was reported. This means Alexa users can continue using their devices without any fear.

By: HT TECH
| Updated on: Aug 13 2020, 19:52 IST
In addition to that, it would have also allowed hackers to extract a victim’s voice history, silently install skills on a user’s Alexa account, view the entire skill list of an Alexa user’s account and silently remove an installed skill.
In addition to that, it would have also allowed hackers to extract a victim’s voice history, silently install skills on a user’s Alexa account, view the entire skill list of an Alexa user’s account and silently remove an installed skill. (REUTERS)

Amazon Alexa is one of the most popular virtual assistants in the world. It capable of performing a wide variety of tasks right from cracking jokes to controlling users' IoT devices. Now, security experts have discovered a critical flaw in Alexa that could have exposed the voice history of millions of Alexa users across the globe to hackers.

According to a report by cybersecurity firm Check Point, Amazon Alexa's subdomains had a critical flaw that could have allowed hackers to remove or install skills on the targeted victim's Alexa account, access their voice history and personal data. The attack, as per the report, required a single click by the user on a malicious link crafted by the hacker and voice interaction by the victim.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

In their investigation, the Check Point researchers found that certain Alexa subdomains could be exploited by hackers crafting and sending a malicious link to target users, which appears to come from Amazon. Clicking on the malicious link would have allowed the attacker to access a victim's personal information, such as banking data history, usernames, phone numbers and home address. In addition to that, it would have also allowed hackers to extract a victim's voice history, silently install skills on a user's Alexa account, view the entire skill list of an Alexa user's account and silently remove an installed skill.

Also read
Looking for a smartphone? To check mobile finder click here.

“But hackers see them [smart speakers] as entry points into peoples' lives, giving them the opportunity to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point said in a statement.

ALSO READ: Own a pet? Here are top 5 Alexa skills for you

The good news is that Amazon fixed the bug as soon as it was reported. This means Alexa users can continue using their devices without any fear.

“Thankfully, Amazon responded quickly to our disclosure to close off these vulnerabilities on certain Amazon/Alexa subdomains. We hope manufacturers of similar devices will follow Amazon's example and check their products for vulnerabilities that could compromise users' privacy,” he added.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 13 Aug, 19:52 IST
Tags:
NEXT ARTICLE BEGINS