Security News
Attention! If you use Amazon's voice assistant Alexa in you smart speakers, just opening an innocent-looking web-link could let attackers install hacking skills on it and spy on your activities remotely. According to a new report released by Check Point Research and shared with The Hacker News, the "Exploits could have allowed an attacker to remove/install skills on the targeted victim's Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill."
The attacks involved a Cross-Origin Resource Sharing misconfiguration and Cross Site Scripting bugs identified on Amazon and Alexa subdomains, which eventually allowed the researchers to perform various actions on behalf of legitimate users. Successful exploitation of these vulnerabilities could allow an attacker to retrieve the personal information of an Alexa user, as well as their voice history with their Alexa, but also to install applications on the user's behalf, list installed skills, or remove them.
The flaws could also have helped attackers obtain usernames, phone numbers, voice history, and installed skills, says Check Point Research. Silently installed skills and apps on a user's Alexa account.
UPDATE. Vulnerabilities in Amazon's Alexa virtual assistant platform could allow attackers to access users' personal information, like home addresses - simply by persuading them to click on a malicious link. Researchers with Check Point found several web application flaws on Amazon Alexa subdomains, including a cross-site scripting flaw and cross-origin resource sharing misconfiguration.
Pearson, the world's learning company, announced the promotion of Alexa Christon to chief marketing officer reporting to chief corporate affairs officer, Deirdre Latour. Since coming to Pearson a year ago, Alexa has made major strides in developing a global brand strategy and deploying that strategy to enable Pearson's ongoing transformation to the world's online learning company.
Giving users of smart assistants the option to adjust settings for privacy or content delivery, or both, doesn't necessarily increase their trust in the platform, according to a team of Penn State researchers. Trust in Amazon Alexa went up for regular users who were given the option to adjust their privacy and content settings, the researchers found in a recent study.
Researchers say that Amazon and Google need to focus on weeding out malicious skills from the getgo, rather than after they are already live.
Lasers Mimicking Voice Commands Can Open DoorsIt's a laser-focused hack. Literally. Voice-controlled assistants such as Amazon's Alexa, Apple's Siri and Google's Assistant can be tricked into...
A friend heard a couple arguing but couldn't make out what it was about. Police hope that Alexa might have a better idea.
A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the...