CyberNews Briefs

Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data

A shocking new report by researchers at Check Point security exposes a critical vulnerability in Amazon’s Alexa virtual assistant platform that could be leveraged by attackers to access banking data history, home addresses, and other personally identifiable information. Check Point researchers found several web application flaws on Amazon Alexa subdomains that can be remotely exploited through a specially crafted Amazon link.

The flaws include a cross-site scripting bug and a cross-origin resource sharing misconfiguration. Check Point stated that securing virtual assistant devices is critical to maintaining privacy. The findings in the report were disclosed to Amazon in June of 2020, and the flaws were announced publicly today.

Read More: Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.