Australia markets closed
  • ALL ORDS

    7,239.40
    +30.40 (+0.42%)
     
  • ASX 200

    7,014.20
    +31.50 (+0.45%)
     
  • AUD/USD

    0.7779
    +0.0049 (+0.63%)
     
  • OIL

    65.27
    +1.45 (+2.27%)
     
  • GOLD

    1,838.50
    +14.50 (+0.79%)
     
  • BTC-AUD

    65,368.98
    +2,447.88 (+3.89%)
     
  • CMC Crypto 200

    1,422.32
    +63.76 (+4.69%)
     
  • AUD/EUR

    0.6406
    +0.0012 (+0.19%)
     
  • AUD/NZD

    1.0736
    -0.0016 (-0.15%)
     
  • NZX 50

    12,367.86
    -60.26 (-0.48%)
     
  • NASDAQ

    13,367.76
    +258.61 (+1.97%)
     
  • FTSE

    7,043.61
    +80.28 (+1.15%)
     
  • Dow Jones

    34,358.39
    +336.94 (+0.99%)
     
  • DAX

    15,416.64
    +216.96 (+1.43%)
     
  • Hang Seng

    28,027.57
    +308.90 (+1.11%)
     
  • NIKKEI 225

    28,084.47
    +636.46 (+2.32%)
     

‘One click’: How your Alexa could be silently hacked

Jessica Yun
·2-min read
VIENNA,AUSTRIA - December 4 2019: Amazon Alexa Echo on a wooden bench with green plants in the background
Amaxon Alexa echo. (Source: Getty)

Australians who own Alexa devices have been warned against a vulnerability that allowed for hackers to control the device with a single click.

Although the vulnerability has now been fixed, cyber threat intelligence research firm Check Point said it was critical that users secure their smart devices as virtual assistants are often entry points to peoples’ homes.

Intelligent virtual assistants or personal assistants such as Alexa work by performing tasks or services based on commands or questions. Users can add to Alexa’s functions by adding ‘skills’, functionalities developed by third parties.

Check Point Research showed that certain vulnerabilities would have allowed a hacker to silently install skills onto an Alexa account, or obtain a list of installed skills on the user’s account.

“In effect, these exploits could have allowed an attacker to remove/install skills on the targeted victim’s Alexa account, access their voice history and acquire personal information through skill interaction when the user invokes the installed skill,” said Check Point researchers Dikla Barda, Roman Zaikin and Yaara Shriki.

And as the final icing on the cake, the hack would only be a click away.

“Successful exploitation would have required just one click on an Amazon link that has been specially crafted by the attacker.”

According to the researchers, Check Point reported the vulnerabilities to Amazon in June and the issue has now been fixed.

What you can do to avoid being hacked

The vulnerability has reportedly been fixed, but nonetheless, Check Point head of products vulnerabilities research Oded Vanunu said users should be picky about the number of skills they install to their Alexa.

“Smart speakers and virtual assistants are so commonplace. It is easy to overlook just how much personal data they hold and their role in controlling other smart devices in our homes,” he said.

“But hackers see them as entry points into peoples’ lives. It allows them to access data, eavesdrop on conversations or conduct other malicious actions without the owner being aware.

Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, economy, property and work news.

Follow Yahoo Finance Australia on Facebook, Twitter, Instagram and LinkedIn.

Join us for this year's Yahoo Finance All Markets Summit.
Join us for this year's Yahoo Finance All Markets Summit.