Security News > 2021 > February > Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process

Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process
2021-02-26 21:53

An Amazon spokesperson told Threatpost that the company conducts security reviews as part of skill certification, and has systems in place to continually monitor live skills for potentially malicious behavior.

Finally, before the skills can be actively made public to Alexa users, developers must submit their skills to be vetted and verified by Amazon.

During this vetting process, Amazon ensures that the skills meet their policy guidelines.

Researchers said they found 9,948 skills in the U.S. skill store that shared the same invocation name with at least one other skill - and across all skill stores, they found that only 36,055 skills had a unique invocation name.

Alexa skills can be configured to request permissions from users to access personal information from the Alexa account - such as the user's address or contact information.

Alexa skills have come under scrutiny in the past, starting in 2018 when researchers created a proof-of-concept "Rogue skill" that could eavesdrop on Alexa users - and automatically transcribe every word said.


News URL

https://threatpost.com/amazon-dismisses-claims-alexa-skills-can-bypass-security-vetting/164316/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Amazon 64 9 60 39 13 121