Last update March 20, 2023 at 01:12 am
Cyber security researchers have found a very simple and dangerous flaw in Amazon. This flaw allows the hacker to access your bank account.
Researchers at Check Point Research reported a security breach in certain subdomains of Amazon and Alexa. These vulnerabilities, when exploited, allow hackers direct access to banking information, phone number and address.
Before continuing, let's find out how the hacker can do this.
Discover vyour password manager on android here
Technique that can be used by a hacker to hack you through amazon
The hacker does this by sending a personalized link that he himself created to the target. If the latter clicks on the link, the pirate will have unlimited access to the target's personal data by carrying out several specific types of attacks.
The most predictable scenario is first access to the history of bank data, the first and last names, telephone numbers and domicile of the victim. The most terrifying is yet to come.
Second, the hacker can extract and listen to the voice history of users, installed new skills Alexa or amazon echo in the victim's account. He can at will modify or delete the existing skills in the target's account in order to better hack the next times.
What do the experts at Check Point say?
Oded Vanunu, Head of Products Vunerabilities Research at Check Point, denounces the security concerns of assistants and smart speakers. According to him "
“Smart speakers and virtual assistants are so common that it's easy to forget how much personal data they hold and their role in controlling other smart devices in our homes. ”
It is clear that any service or device that holds the personal information of its users is susceptible to numerous attacks from hackers. Unfortunately virtual assistants and smart speakers are not spared. Responsage for research vulnerability product confirms this by continuing:
“… Hackers (virtual assistants and smart speakers) see them as entry points into people's lives, giving them the ability to access data, listen to conversations or take other actions malicious without the knowledge of the owner. ”
Lucky for us, the loophole is solved
" Fortunately, Amazon responded quickly to our disclosure to shut down these vulnerabilities on certain Amazon / Alexa subdomains. ”- Oded Vanunu Head of Products Vunerabilities Research at Check Point.
Yes, this flaw was first reported to Amazon who fixed the issue before the Checkpoint Company article was officially released to the world. It is important that all Internet users, users of virtual assistants and intelligent speakers are aware of the risks and vulnerabilities to which they are exposed.
For Vanunu, their intentions were to ”… highlight how essential securing these devices is to maintaining user privacy."
These problems are not limited only to the devices mentioned, they can extend to other types of systems and connected objects distributed around the world. Oded Vanunu says adds in the blog:
"... We hope that manufacturers of similar devices will follow Amazon's lead and check their products for vulnerabilities that could compromise user privacy. ... ".
CheckPoint had previously performed vulnerability research on TikTok, Whatsapp and Fortnite. But Amazon's rift with Alexa was the biggest because of its impact around the world. Oded Vanunu Head of Products Vunerabilities Research at Check Point said:
"Alexa has been on our minds for some time now, given its ubiquity and connection to IoT devices. It is these mega digital platforms that can harm us the most. Therefore, their security levels are of crucial importance. “
“Amazon resolved this issue shortly after it was reported.”
Last update March 20, 2023 at 01:12 am
You may be interested in Microsoft: end of Cortana for IOS and Android in 2021 et Lenovo: Now thinkpad and thinkstation will be Linux certified.