• About
  • Advertise
  • Privacy & Policy
  • Contact
Tuesday, August 9, 2022
  • Login
UK Reporter
  • Home
  • News
    PC Grace Heads To National Police Bravery Awards

    PC Grace Heads To National Police Bravery Awards

    Police Dog ‘Oliver’ Gets Award

    Police Dog ‘Oliver’ Gets Award

    MP Gordon Henderson Wants Two Water Pipes To Supply Sheppey

    MP Gordon Henderson Wants Two Water Pipes To Supply Sheppey

    Police Appeal In Manhunt After Sittingbourne Assault

    Police Appeal In Manhunt After Sittingbourne Assault

    Police Would Like To Speak to Men Linked To New Ash Green Assault

    Police Would Like To Speak to Men Linked To New Ash Green Assault

    Two People Arrested After Murder In Margate

    Two People Arrested After Murder In Margate

    Bird Flu Is Circulating In Kent

    Bird Flu Is Circulating In Kent

    Police Appeal For Three Men Following Trouble In Swanley

    Police Appeal For Three Men Following Trouble In Swanley

    Pollution Alert For North Thanet Coast

    Pollution Alert For North Thanet Coast

    Police Appeal For Missing Man From Hawkinge

    Police Appeal For Missing Man From Hawkinge

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Politics
    Boris Pledges To Dump Lefty Policies In Survival Deal With Tory MPs

    Boris Pledges To Dump Lefty Policies In Survival Deal With Tory MPs

    Keir Starmer Calls For Boris Johnson To Resign

    Keir Starmer Calls For Boris Johnson To Resign

    Boris Attacks Remainer ”Double Standards” As PM Addresses VAT Brexit Claims

    Boris Attacks Remainer ”Double Standards” As PM Addresses VAT Brexit Claims

    Hypocrisy and political manipulation behind the so-called “democracy summit” in the US

    Hypocrisy and political manipulation behind the so-called “democracy summit” in the US

    Brexit: Johnson Strikes New Trade Deal With New Zealand PM, Ardern

    Brexit: Johnson Strikes New Trade Deal With New Zealand PM, Ardern

    Brexit Trade Dispute: UK And EU Continue To Talk But Remain At Odds

    Brexit Trade Dispute: UK And EU Continue To Talk But Remain At Odds

    Trending Tags

    • Business
      Using a Debt Collection Agency post Covid in the UK

      Using a Debt Collection Agency post Covid in the UK

      National Grid to buy US wind and solar energy developer

      National Grid to buy US wind and solar energy developer

      Trump blasts Democratic demands for postal-service money, saying mail-in voting would be ‘fraudulent’

      Trump blasts Democratic demands for postal-service money, saying mail-in voting would be ‘fraudulent’

    • Technology
      From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

      From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

      The five biggest announcements from the Behaviour Beyond showcase

      The five biggest announcements from the Behaviour Beyond showcase

      Out-of-control Chinese rocket crash lands in Indian Ocean as ‘debris lights up the night sky over Malaysia’

      Out-of-control Chinese rocket crash lands in Indian Ocean as ‘debris lights up the night sky over Malaysia’

      Is it illegal to share private WhatsApp messages in the UK?

      Is it illegal to share private WhatsApp messages in the UK?

      What happens when you delete WhatsApp?

      What happens when you delete WhatsApp?

      Yakuza games in order: By release date and timeline

      Yakuza games in order: By release date and timeline

    • Opinion
    • Sports
      Can You Recognise These Gills Fans?

      Can You Recognise These Gills Fans?

      How to choose a spin bike (3)

      How to choose a spin bike?

      Open Training Session For Tunbridge Wells Reserves

      Open Training Session For Tunbridge Wells Reserves

      Cray Valley Ladies FC Looking For New Players

      Cray Valley Ladies FC Looking For New Players

      Magene MG70 Electromagnetic Indoor cycling bike

      Magene MG70 Electromagnetic Indoor cycling bike

      Millwall FC Plan New Training Complex In West Kingsdown

      Millwall FC Plan New Training Complex In West Kingsdown

      Trending Tags

      • Health
        City with UK’s smelliest blokes revealed…and nearly half of them refuse to use deodorant

        City with UK’s smelliest blokes revealed…and nearly half of them refuse to use deodorant

        Davina McCall to host Who Cares Wins awards – and says to get the tissues ready

        Davina McCall to host Who Cares Wins awards – and says to get the tissues ready

        Take these 10 steps to live a longer life – from delaying breakfast to list-making

        Take these 10 steps to live a longer life – from delaying breakfast to list-making

        UK monkeypox cases rise to 2,432 as Brits told ‘check yourself for symptoms before sex’

        UK monkeypox cases rise to 2,432 as Brits told ‘check yourself for symptoms before sex’

        From biting your nails to chewing gum and leaving a mess – how these 12 so called bad habits are actually GOOD for you

        From biting your nails to chewing gum and leaving a mess – how these 12 so called bad habits are actually GOOD for you

        I’m a skincare expert – here’s one sun cream mistake people make that could be deadly

        I’m a skincare expert – here’s one sun cream mistake people make that could be deadly

        Trending Tags

        • Lifestyle
          Why volumetric concrete is the best choice for smaller scale self-build and DIY projects

          Why volumetric concrete is the best choice for smaller scale self-build and DIY projects

          AVRillo Rated As The Top Conveyancer In London

          rivage sunglasses

          RIVAGEUK: The Best Watches And Sunglasses Brand That Will Take Your Style To The Next Level

          wheelchair accessible vehicle

          Wheelchair Accessible Vehicles: What You Need To Know

          How to Stop a Leaking of Your Pen

          Classy and Unique Designs Of Your Favorite Jewellery | Bespoke Jewellery London

          Classy and Unique Designs Of Your Favorite Jewellery | Bespoke Jewellery London

        • World
        • Lifestyle
        • Press Release
        No Result
        View All Result
        UK Reporter
        No Result
        View All Result
        Home Technology

        Why You Must Beware What You Ask Amazon Alexa

        by pakamin
        September 8, 2021
        in Technology
        Reading Time: 4min read


        The same cyber team that cracked open TikTok, WhatsApp, Microsoft’s cloud and even Philips lightbulbs has just turned its attention to Amazon’s Alexa. And, unsurprisingly, it hasn’t disappointed. After “speculating” that Amazon’s 200 million devices “could be a prime entry-point for hackers,” Check Point Research has just lifted the lid to unmask “serious security flaws in Alexa.” According to the team, “in just one click, a user could have given up their voice history, home address and control of their Amazon account.”

        Warnings about the dangers of smart speakers and their extended families of virtual assistants are not new. These are the same devices that causes such scandal last year, when it transpired humans were listening to conversations to better train the AI. The issue here is different, much more akin to the broader problem of IoT security. Every different gadget you connect to the internet becomes a potential vulnerability. Check Point tells me the methods needed to crack Amazon’s devices were not particularly sophisticated.

        First things first—Amazon was obviously informed about the risks and quickly patched its software. A spokesperson for the company told me “the security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us. We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed.”

        So, all fine now, but how did this particular threat work? As with most such attacks, it started with a crafted link, sent to a victim by email or text. This link triggered a vulnerability within AWS, allowing the attacker to “silently install skills on a user’s Alexa account, get a list of all installed skills on the account, silently remove an installed skill, get the victim’s voice history or personal information.”

        Put more simply, the user clicks a messages link which directs them to an Amazon site where the attacker has set a trap to inject malicious code. The attacker pulls a list of the user’s installed Alexa apps and their security token, deletes one of the apps and installs one of their own with the same trigger phrase. As soon as that the user tells Alexa to run that app, the hacker is in business.

        Such an attack could be sporadic—sent to random users to see how many would bite, or it could be targeted at a specific individual. In the latter case, Check Point’s Oded Vanunu told me, “an attacker could carry out a more elaborate attack by getting the list of skills and replacing one of their skills with a similar looking malicious skill.” And while the exploit is not especially sophisticated technically, “a combination of XSS, CSRF and CORS misconfigurations,” for a user this attack would appear “seamless and sophisticated.”

        As ever with these kinds of disclosures, the technical specifics are irrelevant to most users. The vulnerabilities have been patched—users just need to make sure their devices are always updated, which should happen automatically. The really important message is to understand how to stay safe from the risk of such attacks, ensuring that you don’t leave yourself and your homes wide open.

        “We are issuing some safety tips and guidelines on Alexa use,” Check Point spokesperson Ekram Ahmed told me. “Avoid unfamiliar apps—don’t install these on your smart speaker. Be careful what sensitive information you share with your smart speaker, such as passwords and bank accounts. And read up on any apps—nowadays anyone can create smart assistant apps, so read about the app before you install it and check what permissions it requires. Anyone can publish a skill, and skills can perform actions and get information.”

        A virtual assistant becomes more useful the more applications it has and data it has access to—this is the issue. “Any user’s personal information that was shared with the Alexa device could be potentially at risk,” Vanunu explained. “These apps could be finance or retail apps. With this attack, I could uninstall and install fake apps that will be triggered by calling to the safe uninstalled application.”

        I asked Vanunu if such an attack could bridge to the surveillance tech in a home. Yes, he told me. “The attacker can potentially access unsecured cameras if the camera’s developer created an Alexa skill with mismanaged authentication. In this scenario, the attacker could uninstall the camera skill and replace it with a malicious skill that sends all the footage to the attacker.”

        As ever, the more of this technology we install and deploy, the greater the risks we run. These issues have been patched, but it’s worth taking this as a timely warning that overloading smart speakers with the same plethora of apps which now clog up our smartphones is not a good idea. The same warnings apply. Do not install apps you can’t verify or from sources you don’t fully trust. These devices are placed in our homes and can listen to everything we say, monitoring everything we do. It’s worth thinking that through.

        Original Source

        The post Why You Must Beware What You Ask Amazon Alexa appeared first on Trax News.



        Source link

        Related Posts

        From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

        From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed

        SHAUN the Sheep has been revealed as the first ‘astronaut’ to fly on Nasa’s next big Moon mission. The...

        The five biggest announcements from the Behaviour Beyond showcase

        The five biggest announcements from the Behaviour Beyond showcase

        DEAD By Daylight developer Behaviour Interactive just held a showcase to reveal a number of its upcoming games  Here...

        Out-of-control Chinese rocket crash lands in Indian Ocean as ‘debris lights up the night sky over Malaysia’

        Out-of-control Chinese rocket crash lands in Indian Ocean as ‘debris lights up the night sky over Malaysia’

        AN out-of-control Chinese rocket has crash-landed in the Indian Ocean as debris “lit up the night sky over Malaysia”....

        Popular

        • PC Grace Heads To National Police Bravery Awards
        • From Shaun the Sheep to Lego: the weird items aboard Nasa’s latest mission to the Moon revealed
        • Paramount+ Hits 43 Million Subscribers As Streaming Rivals Struggle
        • Police Dog ‘Oliver’ Gets Award
        • The five biggest announcements from the Behaviour Beyond showcase
        • MP Gordon Henderson Wants Two Water Pipes To Supply Sheppey
        • Out-of-control Chinese rocket crash lands in Indian Ocean as ‘debris lights up the night sky over Malaysia’
        • Police Appeal In Manhunt After Sittingbourne Assault
        • Is it illegal to share private WhatsApp messages in the UK?
        • Police Would Like To Speak to Men Linked To New Ash Green Assault
        • About
        • Advertise
        • Privacy & Policy
        • Contact

        Copyright © 2021 UK Reporter.co.uk.

        No Result
        View All Result
        • Home
        • News
        • Politics
        • Business
        • Technology
        • Opinion
        • Sports
        • Health
        • Lifestyle
        • World
        • Lifestyle
        • Press Release

        Copyright © 2021 UK Reporter.co.uk.

        Welcome Back!

        Login to your account below

        Forgotten Password?

        Create New Account!

        Fill the forms below to register

        All fields are required. Log In

        Retrieve your password

        Please enter your username or email address to reset your password.

        Log In