Security

Vulnerability Found in Alexa App, What Should You Do?

Amazon’s Alexa is an incredibly helpful, albeit slightly limited, personal assistant. It can play music, read audiobooks, host a trivia night, set a timer, order pizza, and perform a number of other useful tasks. One more thing Alexa can do? Alexa can allow anyone with your Amazon credentials access to your account’s calling and messaging capabilities. To ensure that this vulnerability, and other similar ones, aren’t allowing hackers to introduce malware onto your Android, be sure to run a Security Scan. This scan will quickly verify that your phone is free of any security breaches:

This vulnerability was revealed at a recent SANS Institute summit. According to Brian Moran of BriMor Labs, Amazon’s lack of two-factor authentication, or 2FA, allows for this security flaw. While the initial mobile sign-in with Alexa requires 2FA, including a PIN sent by SMS, this is the only instance in which this authentication method was required.

Read More: Phishing Attacks Can Be Stealthier Than You Think

If your Amazon Echo account does not have two-factor authentication enabled, anyone with access to your Amazon credentials will be able to make Alexa calls and messages as another account, receive Alexa calls and messages sent to another account, and sync your Alexa account’s contacts with their device. For those who own the brand new Amazon Echo Show, which allows users to virtually “drop in” on trusted contacts’ houses, the dangers this breach poses are even more significant.

Safety Tips

To ensure that this security hole doesn’t result in the loss of sensitive data, all users need to do is turn on two-factor authentication. This can be done by logging in to your Amazon homepage and clicking the “Login and Security” button. From there, click the edit button on “Advanced Security Settings” and then “Get Started.” From there, Amazon will allow you to register your phone number or a preferred authenticator app which can be synced through a QR code.

In fact, relying on 2FA is a smart move for all accounts. This is an easy way to add an extra measure of security of all login sequences. Two-factor authentication can rely on three different types of authentication, including something a user knows (such as a PIN or a password), something a user owns (such as a smartphone), and something to identify a user (such as a fingerprint or retina scan). As the password is often the weakest link in account security, creating a backup mode of authentication is a smart idea in any case.

 

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago