Alexa hack granted attackers access to an Echo user's smart home network | Appleinsider


Summary generated on August 16, 2020

    A number of vulnerabilities have been revealed in Amazon's Alexa, highlighting the need for providers of smart home platforms, such as Apple's HomeKit, to maintain security as part of the service.

    The concept of a smart home is attractive, but the dream of ordering a virtual assistant around to automate household tasks becomes a nightmare once security issues surface.

    In the case of Amazon's Alexa, which is at the heart of many people's smart home setup, vulnerabilities have been revealed that could allow an attacker to perform tasks and to find out what a user has told Alexa.

    By using XSS, an attacker would be able to acquire a CSRF token that would provide them access to elements of the smart home installation.

    Amazon has courted controversy with the security and privacy issues of its smart home platform in the past.

    In 2019, it was found Amazon employees were listening to audio recordings from Echo devices to improve its accuracy, while later in the same year researchers were able to add spying apps to app stores for Alexa and Google Home that enabled eavesdropping and phishing to take place.

    While Apple does operate its own HomeKit smart home platform, the company does work to keep each element as secure as feasibly possible.