Cybersecurity expert provide an insight on the the news that a flaw in Amazon’s Alexa smart home devices could have allowed hackers access personal information and conversation history.
More Information on the News: https://www.bbc.co.uk/news/technology-53770778
Security in IoT devices such as the Amazon Echo and associated Alexa voice assistant service is an important issue. These devices often have security constraints in terms of their size, cost, limited user interfaces or “always-on” functionality – making them a really attractive target for hackers.
Consumers purchasing many of these IoT devices for convenience or novelty are unlikely to be aware of basic security measures and how much of their private data is been consumed by the devices. By exploiting unpatched vulnerabilities in these devices, hackers can potentially achieve anything from data pilfering, to extortion.
The growing demand for these devices requires that manufacturers focus on their security and privacy. IoT manufacturers need to work more closely with cybersecurity professionals to ensure that device security is considered and understood at the design stage – not implemented as an afterthought.
There is a need to increase awareness around these issues, and to take a realistic approach to combine strong security with legislative restrictions if we want to ensure that these devices and our information are secured to the highest standards.
In this case it is great to see responsible disclosure and vendor patching working together to improve security for millions of users of these devices.
As IoT smart home devices such as Amazon Alexas continue to grow in popularity, they provide us the opportunity to connect and interact with the internet in a variety of ways. Despite their popularity and the benefits, they bring to the user, they also pose a significant security risk if not properly secured. This is because hackers are acutely aware about the lack of basic security measures some of the devices have and their potential for exploitation. At a time when many of us are working from home, this becomes an area of concern, as it is likely personal devices connected to corporate networks are being used for business conversations in the vicinity of a smart device, providing an easy way in for nefarious actors to either steal or delete sensitive corporate data.
The NCSC has only recently released guidance to consumers on how to best protect themselves against such threats and secure such devices, which goes to show just how prevalent these threats are becoming. It’s important that users understand the advice and incorporate strong cyber hygiene practices into their daily routine. It is recommended that all factory set passwords on both routers and IoT devices are changed on setup and at regular intervals, whilst personal devices should never be used to access business networks and emails. For remote workers, ensuring VPNs used to access organisational network are locked when not is use is also good practice. Moreover, checking for software updates for patches released by manufacturers can also help to remain safe online.
Legislation in this particular area is also improving in order to force more manufacturers to improve the security of such devices, but in the meantime it’s important to highlight to users there is a risk associated with the IoT and that users must take steps to mitigate these potential issues.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics