Amazon Alexa Vulnerabilities Could Have Exposed User Data
Researchers at Check Point security have identified vulnerabilities within Amazon’s virtual assistant, Alexa. The series of vulnerabilities could allow for a variety of attacks against the device. Check Point found Cross-Origin Resource Sharing misconfiguration attacks and Cross-Site Scripting (XSS) bugs on Amazon and Alexa subdomains. This allowed the researchers to perform various actions without authentication, accomplished by leveraging the vulnerabilities.
According to cybersecurity experts, if the vulnerabilities are successfully exploited, an attacker could retrieve the personal information of an Alexa owner. Attackers could also access voice history with Alexa, install applications on the user’s behalf, list installed skills, or remove them. Access to voice history arguably poses the largest threat to Alexa users as this could contain more sensitive personal information or data that could be used in subsequent phishing or social engineering attacks.