Last week, IoT security was in the spotlight again as researchers warned that Amazon’s Alexa is vulnerable to malicious third-party apps, or “skills”, that could leave owners at risk of a wide range of cyberattacks.
Researchers analyzed 90,194 unique skills from Amazon’s skill stores across seven countries and found widespread security issues that could lead to phishing attacks or the ability to trick Alexa users into revealing sensitive information.
For instance, developers can register skills that fraudulently use well-known company names, and leverage these fake brand names to send out phishing emails that link to the skill’s Amazon store webpage. Attackers can also make code changes after their skills have been approved by Amazon, opening the door for various malicious configurations.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
