You see this notification pop up:
"Your Amazon Alexa might be at risk. Hackers can install malicious skills remotely in your Alexa."
Why did this happen?
Recently reported vulnerabilities involving Amazonâs voice assistant Alexa which could render it vulnerable to malicious attacks.
Once exploited, it can allow attackers to remove or install skills on a victimâs Alexa account, access the voice history, and collect personal information through skill interaction whenever the malicious skill is activated.
What cause these vulnerabilities?
A misconfigured resource-sharing policy in Amazon's Alexa Mobile application, potentially allowing attackers to inject a code to exploit Amazon subdomain, which can result in more attacks on another Amazon subdomain.
What are its risks?
These vulnerabilities could have been exploited by attackers to prompt the user to click on a malicious link that navigates to an Amazon subdomain and then allow the attacker to do changes in the victimâs account like:
- Silently install and remove skills
- Get the victimâs voice history
- Get the victimâs personal information
What should I do next?
- Make sure to always keep your Amazon Alexa app up to date. Show me how.
- Connect your device with the Alexa app to the home network protected by your Trend Micro Home Network Security.
