You see this notification pop up:

"Your Amazon Alexa might be at risk. Hackers can install malicious skills remotely in your Alexa."

Why did this happen?

Recently reported vulnerabilities in Amazon’s voice assistant Alexa could render it vulnerable to malicious attacks.

Once exploited, they can allow attackers to remove or install skills on a victim’s Alexa account, access the voice history, and collect personal information through skill interaction whenever the malicious skill is activated.

What causes these vulnerabilities?

The cause is a misconfigured resource-sharing policy in Amazon's Alexa mobile application, which could allow attackers to inject code to exploit an Amazon subdomain; this can in turn lead to further attacks on another Amazon subdomain.
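
The page does not describe the misconfigured policy in detail. As an added illustration (not Amazon's or Trend Micro's code), the sketch below assumes the policy is a cross-origin resource sharing (CORS) origin check that trusts anything ending in a parent domain, and compares it with an exact allowlist. All hostnames and function names are constructed placeholders.

```javascript
// Added example. example.com hosts stand in for a vendor's subdomains (assumption).
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://account.example.com",
]);

// Weak policy: a suffix match trusts every subdomain (and lookalike domains),
// so one compromised subdomain can make credentialed requests to the others.
function weakCorsHeaders(origin) {
  if (typeof origin === "string" && origin.endsWith("example.com")) {
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Hardened policy: parse the origin, require HTTPS, and match it exactly
// against a short allowlist. Anything else gets no CORS headers at all.
function strictCorsHeaders(origin) {
  let url;
  try { url = new URL(origin); } catch { return {}; }
  if (url.protocol !== "https:" || url.origin !== origin) return {};
  if (!ALLOWED_ORIGINS.has(url.origin)) return {};
  return {
    "Access-Control-Allow-Origin": url.origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keep caches from serving one origin's response to another
  };
}

// Audit helper: which of the given origins does a policy accept?
function auditPolicy(policyFn, origins) {
  return origins.filter((o) => "Access-Control-Allow-Origin" in policyFn(o));
}

// Constructed test origins for a configuration review.
const TEST_ORIGINS = [
  "https://app.example.com",            // intended client
  "https://forgotten-test.example.com", // subdomain nobody meant to trust
  "https://notexample.com",             // different domain, same suffix
  "http://app.example.com",             // unencrypted variant
  "null",                               // opaque origin
];

console.log("weak accepts:  ", auditPolicy(weakCorsHeaders, TEST_ORIGINS));
console.log("strict accepts:", auditPolicy(strictCorsHeaders, TEST_ORIGINS));
```
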

What are its risks?

Attackers could have exploited these vulnerabilities by prompting the user to click on a malicious link that navigates to an Amazon subdomain, which then allows the attacker to make changes in the victim’s account, such as:

  • Silently install and remove skills
  • Get the victim’s voice history
  • Get the victim’s personal information

What should I do next?

  • Make sure to always keep your Amazon Alexa app up to date.
  • Connect your device with the Alexa app to the home network protected by your Trend Micro Home Network Security.