Connect with us

News

Alexa can be hacked with a simple link

Another day, another security issue.

amazon echo smart speaker with alexa
Image: Unsplash

Last year, researchers discovered that Amazon’s Alexa can be hacked via a laser. This year, a group of researchers revealed another way to hack Amazon’s Alexa. This time they didn’t use any lasers, but methods known as Cross-Site Scripting (XSS) and Cross-Origin Resource Sharing (CORS).

The research team behind this hack is known as Check Point Research. The team that revealed this vulnerability consists of three members: Yaara Shriki, Roman Zaikin, and Ikla Barda. They are specialized in collecting and analyzing cyber-attack data.

In their demonstrations, the Check Point Research team inserted a malicious link into Alexa camouflaged as a Skill installer. Then all that is left is for the unsuspecting user to click the link for the fake Skill. That will trigger a series of communications between the servers. From there, it is smooth sailing for the hacker that can easily extract the user’s personal information.

The implications

The hack revealed that hackers can collect important personal data such as IDs and access tokens. The data is extracted when the subdomains communicate with one another with the purpose to execute certain tasks.

So far, there isn’t an official response from Amazon and whether the company has managed to patch up this vulnerability. There are over 200 million Alexa-powered devices out in the wild that are potentially vulnerable to this hack.

What do you think? Surprised that Alexa devices can be so easily hacked? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in News