EXECUTIVE SUMMARY:

Join Check Point’s security researchers, Yaara Shriki, Dikla Barda and Roman Zaikin, for an in-depth interview about a vulnerability that they discovered within Amazon’s Alexa device. The team alerted Amazon to the issue, and it’s since been resolved. Nonetheless, the details have implications for users, and you might want to be aware of them.

Here is a layman’s explanation of how the vulnerability could have been exploited:

Successful exploitation would have required just one click on a specially crafted, malicious Amazon link. The link could have been sent via email or text.

What would an attacker need to know about a user to target them? Would targets be random or could a hacker use it against someone specific?

The link can be sent to random users or used in a spear phishing attack against a specific user. An attacker can carry out a more elaborate attack on a user and replace one of their Alexa ‘skills’ with a similar looking malicious skill.

How easy vs. how sophisticated was the attack?

The attack itself contains a combination of three vulnerabilities: XSS, CSRF and CORS misconfiguration. In order to carry out the attack, we had to find these vulnerabilities in different subdomains of Amazon. This was the sophisticated bit.

What does the attack say about smart speakers in general?

Smart speakers have become a vital part of our daily activities. Hacking into your personal assistant may impact your entire life because you rely on it for basic tasks. Hackers are especially interested in smart speakers, since they are used to control many devices in smart-homes.

Is it time for users to unplug them?!

Users should be careful when installing new skills on their Alexa device/s.

What was Amazon’s response? Is everything patched?

Amazon responded quickly to our disclosure to close off these vulnerabilities.

What data was at risk?

Any user’s personal information that was shared with the Alexa device potentially could be at risk.

How real vs. hypothetical/proof of concept (POC) was this vulnerability and exploit?

We demonstrated a full POC of the attack in our blog and described step-by-step how the attack can be performed.

Was there any way to access surveillance cameras linked to Amazon devices through this?

The attacker could potentially access unsecured cameras if the camera’s developer created an Alexa skill with mismanaged authentication. In this scenario, the attacker could uninstall the camera skill and replace it with a malicious skill that sent all the footage to the attacker.

Get additional technical information on this vulnerability right here.

About the researchers:

Yaara Shriki: Yaara Shriki is an experienced security researcher at Check Point Software Technologies. She is an IDF technological unit graduate with experience in penetration testing, vulnerability research and forensics. Outside of work, Yaara volunteers to promote women and girls in tech.

Dikla Barda: Dikla Barda is a Security Researcher at Check Point Software Technologies. She has over 6 years of experience in the field of cyber security research. Her research has identified vulnerabilities in over 100 companies and organizations including major vendors like: Facebook, WhatsApp, Telegram, AliExpress, LG, DJI, TikTok, Alexa and more. Dikla is an active volunteer with high school students, training the next generation of cyber security experts in Israel. In her free time she develops hacking tools, and participates in bug bounty programs.

Roman Zaikin: Roman Zaikin is a Security Expert at Check Point Software Technologies. His research has revealed significant flaws in popular services and major vendors like Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft, TikTok and more. He has over 10 years of experience in the field of cyber security research. He spoke at various leading conferences worldwide, including Black Hat Vegas 2019, about WhatsApp Protocol Decryption and Chat Manipulation. Roman loves technology and wants to know exactly how things work behind the scenes at the lowest level of the bits and bytes.
