EXECUTIVE SUMMARY:

Stay up-to-date on how smart home devices are evolving. Your user privacy might be at stake. Join Check Point’s security researchers, Yaara Shriki, Dikla Barda and Roman Zaikin, for another dynamic, informative and in-depth interview.

Amazon just announced an “Alexa for Residential” program. This way, landlords can create smart apartments. What are your perspectives on this?

Landlords should create a private account for any resident because the information is stored in the cloud and allows the user to access the Alexa via the mobile App which may cause cross account action and data leak.

According to Amazon, landlords don’t have access to any tenant data, and voice recordings are automatically deleted daily.

How are the security risks presented by allowing Alexa to purchase your gasoline different from the security risks posed by simply using your credit card at a gasoline station?

When using Alexa to pay for gas, the transactions are processed using Amazon Pay. That means there is an extra step in the paying process which increases the risk of being compromised by an attacker.

Does expanding Alexa’s reach in your life (Alexa apartment, Alexa gasoline, Alexa supermarket) present an increased number of potential security risks?

Any connected device has the potential risk of being exploited. As the number of Alexa devices in homes increase attackers are more likely to target these devices so by using more smart home devices your risk of being hacked rises up.

What does the future look like when it comes to smart home device security?

As smart home devices become a bigger part of our lives and more homes adopt smart technologies, the incentive for malicious actors to target those devices increases.

Smart devices collect data on our daily habits and online usage and sometimes store private information about us. Every device that is connected to the internet is a potential target for attackers. Smart speakers, cameras and locks are at even a higher risk since the potential damage caused by hacking to one of them is much more severe. That’s why security should be a top priority when designing these devices.

Users should read about the security measures taken by companies in smart home devices before buying them. It is also important to keep in mind what information we choose to share with connected devices.

About the researchers:

Yaara Shriki: Yaara Shriki is an experienced security researcher at Check Point Security Technologies. She is an IDF technological unit graduate with experience in penetration testing, vulnerability research and forensics. Outside of work, Yaara volunteers to promote women and girls in tech.

Dikla Barda: Dikla Barda is a Security Researcher at Check Point Security Technologies. She has over 6 years of experience in the field of cyber security research. Her research has identified vulnerabilities in over 100 companies and organizations including major vendors like: Facebook, WhatsApp, Telegram, AliExpress, LG, DJI, TikTok, Alexa and more. Dikla is an active volunteer with high school students, training the next generation of cyber security experts in Israel. In her free time she develops hacking tools, and participates in bug bounty programs.

Roman Zaikin: Roman Zaikin is a Security Expert at Check Point Security Technologies. His research has revealed significant flaws in popular services, and major vendors like: Facebook, WhatsApp, Telegram, eBay, AliExpress, LG, DJI, Microsoft, TikTok and more. He has over 10 years of experience in the field of cyber security research. He spoke at various leading conferences worldwide including Black Hat Vegas 2019 about WhatsApp Protocol Decryption and Chat Manipulation. Roman loves technology and want to know exactly how things work behind the scenes at lowest level of the bit and the bytes.