Who discovered Alexa

Alexa hack: attackers have access to your smart home * Update: Statement from Amazon *

A smart home can be a comfortable thing. You control lamps, heaters, roller blinds and other devices with just your voice or an app. In addition to HomeKit, Amazon's Alexa in particular offers a simple start into the smart home. As researchers from Check Point Security have now discovered, Alexa was far from secure for a long time. In a report, they explained that numerous vulnerabilities allow hackers to attack users in order to control devices or to see what the voice assistant has been told.

Report: Alexa has vulnerabilities

As the researchers point out, some parts of Alexa had security flaws. One of them allows attackers almost full access to the data of the voice assistant. Skills could be installed, removed, all installed skills viewed, command sequences checked and, of course, personal data viewed without the user noticing anything. Attackers could also have installed modified skills in order to eavesdrop on users. Most worrying, however, is the fact that the vulnerability could only have been executed by clicking on an Amazon link.

How can I protect myself?

Due to the far-reaching possibilities, it is difficult to protect yourself and discovery is also difficult. However, the researchers calm down at this point and say that the vulnerabilities were reported to Amazon in June 2020 and have now been closed to prevent attacks via them. This means that updated Alexa devices are considered safe again.

Problems came to light before that. This allowed developers to update skills later in order to be able to listen in constantly. The skills could therefore also be one of the reasons that HomeKit is considered a secure smart home platform. Apple strictly controls the apps and their approvals in order to minimize weaknesses. At the same time, HomeKit devices use strong encryption, which caused great problems for numerous manufacturers in the early days - everything for data security.

* Update *

In the meantime, Amazon spoke up and put the following on the record:

“The safety of our devices is our top priority. We value the work of independent researchers like Check Point to alert us to potential problems. We fixed the vulnerability as soon as we heard about it - and will continue to strengthen our systems. We are not aware of any cases in which this vulnerability was exploited to the detriment of our customers or customer information was disclosed. ”-Amazon-spokesman