Amazon Alexa
@amazon

Amazon Alexa Bug

Amazon Alexa is considered one of the most used smart assistant devices for several years. Though it seems safe for most of the users, according to new research, some vulnerabilities in the Alexa platform make everyone think twice about the safety measures of this smart assistant device.

A cyber-security research team has found that a security bug of the Alexa device can allow hackers to access users’ conversation history and personal information as well. The report has been published by the security firm named Check Point. Though Amazon has somehow fixed the flaws, there are still chances of the vulnerability of users’ profile information that also includes their address or other information added to Alexa.

Amazon Alexa
@amazon

By accessing the information, hackers can delete the existing data and install a malicious skill to get access to more data. Hackers can remove or install apps on a device without the users’ knowledge. By just one click on the Amazon link, hackers can access the Alexa device.  Regarding fixing this security bug Amazon has stated that customers’ security is their topmost priority, and they will try their level best to fix this issue.

Malicious Links

The cybersecurity firm the hackers need a malicious Amazon link to get access to the user’s Amazon Alexa device. They will send the link to the unsuspecting users and only when the users click the link, the hackers get access to the users installed Alexa skills. By this simple way hackers easily can access user’s personal data and conversations with the device. When the user will retry to activate the previous skill, Alexa will run the hacker’s app instead. Check Point also pointed towards the banking skills of users and mentioned that it would be major problems for users to use Alexa with these security bugs. Though Alexa doesn’t save banking login details, there are possibilities of hacking banking data also according to the cyber-security research report.

At such conditions, the hacker can access every single data of the users added to the Alexa device. Though, in case of any potentially harmful behavior, all skills are monitored by Amazon. So in the first place, it won’t be a proper solution to assume that a hacker could have planted a malicious skill. According to Check Point’s suggestion, though users can’t control the security bugs of Amazon Alexa devices, at least they can provide less information in their Alexa account.

Source 1 Source 2