{"id":12638,"date":"2017-07-18T17:00:41","date_gmt":"2017-07-18T22:00:41","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=12638"},"modified":"2017-07-20T12:50:02","modified_gmt":"2017-07-20T17:50:02","slug":"vulnerability-found-alexa-app","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/","title":{"rendered":"Vulnerability Found in Alexa App, What Should You Do?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Amazon\u2019s Alexa is an incredibly helpful, albeit slightly limited, personal assistant. It can play music, read audiobooks, host a trivia night, set a timer, order pizza, and perform a number of other useful tasks. One more thing Alexa can do? Alexa can allow anyone with your Amazon credentials access to your account\u2019s calling and messaging capabilities. To ensure that this vulnerability, and other similar ones, aren\u2019t allowing hackers to introduce malware onto your Android, be sure to run a Security Scan. This scan will quickly verify that your phone is free of any security breaches:<\/span><\/p>\n<p><center><a href=\"psafe:\/\/launch\/antivirus_quick\" rel=\"attachment wp-att-9829\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-9829\" src=\"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg\" alt=\"run-security-scan\" width=\"300\" height=\"67\" srcset=\"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg 300w, https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1.jpg 353w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/center><span style=\"font-weight: 400;\">This vulnerability was revealed at a recent SANS Institute summit. According to Brian Moran of BriMor Labs, Amazon\u2019s lack of two-factor authentication, or 2FA, allows for this security flaw. While the initial mobile sign-in with Alexa requires 2FA, including a PIN sent by SMS, this is the only instance in which this authentication method was required.<\/span><\/p>\n<p><b>Read More:<\/b><a href=\"https:\/\/www.psafe.com\/en\/blog\/phishing-attacks-can-stealthier-think\/\"> <b>Phishing Attacks Can Be Stealthier Than You Think<\/b><\/a><\/p>\n<p><span style=\"font-weight: 400;\">If your Amazon Echo account does not have two-factor authentication enabled, anyone with access to your Amazon credentials will be able to make Alexa calls and messages as another account, receive Alexa calls and messages sent to another account, and sync your Alexa account\u2019s contacts with their device. For those who own the brand new Amazon Echo Show, which allows users to virtually \u201cdrop in\u201d on trusted contacts&#8217; houses, the dangers this breach poses are even more significant.<\/span><\/p>\n<p><b>Safety Tips<\/b><\/p>\n<p><span style=\"font-weight: 400;\">To ensure that this security hole doesn\u2019t result in the loss of sensitive data, all users need to do is turn on two-factor authentication. This can be done by logging in to your Amazon homepage and clicking the \u201cLogin and Security\u201d button. From there, click the edit button on \u201cAdvanced Security Settings\u201d and then \u201cGet Started.\u201d From there, Amazon will allow you to register your phone number or a preferred authenticator app which can be synced through a QR code.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In fact, relying on 2FA is a smart move for all accounts. This is an easy way to add an extra measure of security of all login sequences. Two-factor authentication can rely on three different types of authentication, including something a user knows (such as a PIN or a password), something a user owns (such as a smartphone), and something to identify a user (such as a fingerprint or retina scan). As the password is often the weakest link in account security, creating a backup mode of authentication is a smart idea in any case.<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Amazon\u2019s Alexa can make your life a whole lot easier. Alexa can also make life a whole lot less safe thanks to this vulnerability.<\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5],"tags":[18,942,252,306,195,309,9,249,161],"class_list":["post-12638","post","type-post","status-publish","format-standard","hentry","category-security","tag-app","tag-app0","tag-app1","tag-app4","tag-app5","tag-app7","tag-mobile","tag-security","tag-virus"],"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/12638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=12638"}],"version-history":[{"count":0,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/12638\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=12638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=12638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=12638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}