Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process
Researchers have allegedly located several security issues in Amazon’s Alexa skill vetting process, claiming that they could be exploited to steal data or launch phishing attacks against users of the technology. After alerting Amazon to the fact that Alexa is vulnerable to malicious third-party skills, Amazon dismissed the claim. Researchers released a report presented at the Network and Distributed System Security Symposium earlier this week, detailing widespread security issues that could expose sensitive user information.
However, Amazon claims that the tech is secure and it is unlikely any patches will be released to address researchers’ concerns. According to the recent report, the security professionals looked at 90,000 unique skills from Amazon’s skill stores across seven countries, finding that gaps in the current ecosystem could be exploited to launch further attacks. These could include registration of arbitrary developer names, bypassing permission APIs, and making backend code changes.