The smart assistants have been questioned earlier on their ability to maintain a security standard. It could be about user data or the interaction that the user has had with them. Earlier Amazon’s Alexa was counterfeited with a bug installed by malicious hackers. Thus the whole idea of having smart assistant devices is not pleasant. Was this a consistent attack? Yes, according to the breach, a lot of valuable information was stolen or exploited by hackers. This includes the voice notes of the user interacting with Alexa. Not only home addresses, internet searches, as well as financial information also got breached.
Amazon’s reaction on breach
Amazon was not expecting this at all. And with the scheduled updates and patches it continues to roll out, Alexa should be more secure. nonetheless despite the breach, they patched the flaws. Initiated a dedicated response to the situation never gets out of hand again. According to the initial reports, there are more than 100 million smart assistants operating around the world. These may have to operate all around the world but the breach was only targeted at US citizens.
But still, this was very confusing for the home users who use Alexa on a day to day basis. Although there are guesses and hunches available on how the hacker would have done it. By knowing the detailed process of how stuff went down can help the Alexa developers to take into account Alexa’s security.
The plot of the attack
Any cyber breach or attack can’t be initiated if the users can get past the malicious links. The same happened in this case. The hacker sent a bunch of links to the users updating Alexa to a better version. Either this or it was to update the security infrastructure of the smart assistant.
By clicking a genuine-looking link the hacker may have lured the user into exposed waters. Although the page wasn’t relevant to Alexa’s infrastructure. But users continued tracking amazon packages to find the updates to download. Here, the hacker might have injected the code that allows them to land on Alexa server. While also helping them for retrieving the cookies from the target machine. Couldn’t the Amazon’s detection systems have caught this imitation? That it is not the original user and an intruder? Might not because the whole attack was laid out pretty great and could have fooled the system.
This way the hacker would have imitated as a genuine user to the Amazon. Thus, retrieving access to the victim’s full audio history, list of the skills that are already installed, and other account details. And suppose they were to get a little more advanced than this. In that case, hackers must have also installed malicious skills within Alexa. That could further install malicious applications on the user’s devices that have Alexa. It could affect a further number of users not only in America but in other countries as well. That is why some serious thought process must go into using such smart assistants. Not only on the user’s end but developers working on this project.
We have that you will take the necessary precautions. Please share your feedback and comments to tell us your opinions and reviews about smart IoT device protection.