Researchers at online security provider Check Point discovered a flaw in Amazon’s virtual assistant that left the vulnerable owner’s personal information before it was reached in June.
Researchers detailed the vulnerability in a report released Thursday, saying potential hackers may have hijacked voice aids using malicious links on Amazon.
Once those links were clicked, hackers would be able to install or remove “Skills” – essentially applications – from Alexa devices.
They will also be able to access the user’s voice history with their device, as well as personal information as sensitive as bank details and home addresses.
Check Point filed the bug on Amazon this past June and the company then fixed security issues. The online retail giant did not immediately return a request for comment from The Hill.
Experts have long warned about the security vulnerabilities present in Internet-enabled devices that are now common in many American homes.
More than 200 million Alexa-enabled devices were sold by the end of 2019, and a vulnerability in those devices could pose serious privacy risks.
“Smart speakers and virtual assistants are so common that it is easy to overlook how much personal data they hold, and their role in controlling other smart devices in our homes,” said Oded Vanunu, head of vulnerability research. products at Check Point, in a statement.
“But hackers see them as entry points into people’s lives, giving them the opportunity to access data, eavesdrop on conversations or perform other malicious actions without the owner being aware.”
Amazon, however, has insisted that the devices are secure.
“The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us,” an Amazon spokesman said in a statement to The Hill. “We fixed this issue as soon as it came to our attention, and we continue to further strengthen our systems. We are not aware of any instances of this vulnerability being used against our customers or of any customer information being exposed. “.