{"id":12638,"date":"2017-07-18T17:00:41","date_gmt":"2017-07-18T22:00:41","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=12638"},"modified":"2017-07-20T12:50:02","modified_gmt":"2017-07-20T17:50:02","slug":"vulnerability-found-alexa-app","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/","title":{"rendered":"Vulnerability Found in Alexa App, What Should You Do?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Amazon\u2019s Alexa is an incredibly helpful, albeit slightly limited, personal assistant. It can play music, read audiobooks, host a trivia night, set a timer, order pizza, and perform a number of other useful tasks. One more thing Alexa can do? Alexa can allow anyone with your Amazon credentials access to your account\u2019s calling and messaging capabilities. To ensure that this vulnerability, and other similar ones, aren\u2019t allowing hackers to introduce malware onto your Android, be sure to run a Security Scan. This scan will quickly verify that your phone is free of any security breaches:<\/span><\/p>\n<p><center><a href=\"psafe:\/\/launch\/antivirus_quick\" rel=\"attachment wp-att-9829\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-9829\" src=\"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg\" alt=\"run-security-scan\" width=\"300\" height=\"67\" srcset=\"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg 300w, https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1.jpg 353w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/center><span style=\"font-weight: 400;\">This vulnerability was revealed at a recent SANS Institute summit. According to Brian Moran of BriMor Labs, Amazon\u2019s lack of two-factor authentication, or 2FA, allows for this security flaw. While the initial mobile sign-in with Alexa requires 2FA, including a PIN sent by SMS, this is the only instance in which this authentication method was required.<\/span><\/p>\n<p><b>Read More:<\/b><a href=\"https:\/\/www.psafe.com\/en\/blog\/phishing-attacks-can-stealthier-think\/\"> <b>Phishing Attacks Can Be Stealthier Than You Think<\/b><\/a><\/p>\n<p><span style=\"font-weight: 400;\">If your Amazon Echo account does not have two-factor authentication enabled, anyone with access to your Amazon credentials will be able to make Alexa calls and messages as another account, receive Alexa calls and messages sent to another account, and sync your Alexa account\u2019s contacts with their device. For those who own the brand new Amazon Echo Show, which allows users to virtually \u201cdrop in\u201d on trusted contacts&#8217; houses, the dangers this breach poses are even more significant.<\/span><\/p>\n<p><b>Safety Tips<\/b><\/p>\n<p><span style=\"font-weight: 400;\">To ensure that this security hole doesn\u2019t result in the loss of sensitive data, all users need to do is turn on two-factor authentication. This can be done by logging in to your Amazon homepage and clicking the \u201cLogin and Security\u201d button. From there, click the edit button on \u201cAdvanced Security Settings\u201d and then \u201cGet Started.\u201d From there, Amazon will allow you to register your phone number or a preferred authenticator app which can be synced through a QR code.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In fact, relying on 2FA is a smart move for all accounts. This is an easy way to add an extra measure of security of all login sequences. Two-factor authentication can rely on three different types of authentication, including something a user knows (such as a PIN or a password), something a user owns (such as a smartphone), and something to identify a user (such as a fingerprint or retina scan). As the password is often the weakest link in account security, creating a backup mode of authentication is a smart idea in any case.<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Amazon\u2019s Alexa can make your life a whole lot easier. Alexa can also make life a whole lot less safe thanks to this vulnerability.<\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5],"tags":[18,942,252,306,195,309,9,249,161],"class_list":["post-12638","post","type-post","status-publish","format-standard","hentry","category-security","tag-app","tag-app0","tag-app1","tag-app4","tag-app5","tag-app7","tag-mobile","tag-security","tag-virus"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Vulnerability Found in Alexa App, What Should You Do? - PSafe Blog<\/title>\n<meta name=\"description\" content=\"Vulnerability Found in Alexa App, What Should You Do?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability Found in Alexa App, What Should You Do? - PSafe Blog\" \/>\n<meta property=\"og:description\" content=\"Vulnerability Found in Alexa App, What Should You Do?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/\" \/>\n<meta property=\"og:site_name\" content=\"PSafe Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-18T22:00:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-07-20T17:50:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg\" \/>\n<meta name=\"author\" content=\"PSafe Newsroom\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/\"},\"author\":{\"name\":\"PSafe Newsroom\",\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/#\\\/schema\\\/person\\\/1c3c9cd7f8f7ff5b8e8071d39226b99d\"},\"headline\":\"Vulnerability Found in Alexa App, What Should You Do?\",\"datePublished\":\"2017-07-18T22:00:41+00:00\",\"dateModified\":\"2017-07-20T17:50:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/\"},\"wordCount\":432,\"image\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/run-security-scan-1-300x67.jpg\",\"keywords\":[\"app\",\"app0\",\"app1\",\"app4\",\"app5\",\"app7\",\"Mobile\",\"security\",\"v\u00edrus\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/\",\"url\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/\",\"name\":\"Vulnerability Found in Alexa App, What Should You Do? - PSafe Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/run-security-scan-1-300x67.jpg\",\"datePublished\":\"2017-07-18T22:00:41+00:00\",\"dateModified\":\"2017-07-20T17:50:02+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/#\\\/schema\\\/person\\\/1c3c9cd7f8f7ff5b8e8071d39226b99d\"},\"description\":\"Vulnerability Found in Alexa App, What Should You Do?\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/run-security-scan-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/wp-content\\\/uploads\\\/2017\\\/04\\\/run-security-scan-1.jpg\",\"width\":353,\"height\":79},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/vulnerability-found-alexa-app\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"In\u00edcio\",\"item\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability Found in Alexa App, What Should You Do?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/\",\"name\":\"PSafe Blog\",\"description\":\"Articles and news about Mobile Security, Android, Apps, Social Media and Technology in general.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/#\\\/schema\\\/person\\\/1c3c9cd7f8f7ff5b8e8071d39226b99d\",\"name\":\"PSafe Newsroom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0ce470a17403045075d8cd48a742ebd97c085f6d510cfd605fb223ba3fad770b?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0ce470a17403045075d8cd48a742ebd97c085f6d510cfd605fb223ba3fad770b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0ce470a17403045075d8cd48a742ebd97c085f6d510cfd605fb223ba3fad770b?s=96&d=mm&r=g\",\"caption\":\"PSafe Newsroom\"},\"description\":\"The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.\",\"url\":\"https:\\\/\\\/www.psafe.com\\\/en\\\/blog\\\/author\\\/newsroom-psafe\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerability Found in Alexa App, What Should You Do? - PSafe Blog","description":"Vulnerability Found in Alexa App, What Should You Do?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability Found in Alexa App, What Should You Do? - PSafe Blog","og_description":"Vulnerability Found in Alexa App, What Should You Do?","og_url":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/","og_site_name":"PSafe Blog","article_published_time":"2017-07-18T22:00:41+00:00","article_modified_time":"2017-07-20T17:50:02+00:00","og_image":[{"url":"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg","type":"","width":"","height":""}],"author":"PSafe Newsroom","twitter_misc":{"Written by":false,"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/#article","isPartOf":{"@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/"},"author":{"name":"PSafe Newsroom","@id":"https:\/\/www.psafe.com\/en\/blog\/#\/schema\/person\/1c3c9cd7f8f7ff5b8e8071d39226b99d"},"headline":"Vulnerability Found in Alexa App, What Should You Do?","datePublished":"2017-07-18T22:00:41+00:00","dateModified":"2017-07-20T17:50:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/"},"wordCount":432,"image":{"@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg","keywords":["app","app0","app1","app4","app5","app7","Mobile","security","v\u00edrus"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/","url":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/","name":"Vulnerability Found in Alexa App, What Should You Do? - PSafe Blog","isPartOf":{"@id":"https:\/\/www.psafe.com\/en\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/#primaryimage"},"image":{"@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1-300x67.jpg","datePublished":"2017-07-18T22:00:41+00:00","dateModified":"2017-07-20T17:50:02+00:00","author":{"@id":"https:\/\/www.psafe.com\/en\/blog\/#\/schema\/person\/1c3c9cd7f8f7ff5b8e8071d39226b99d"},"description":"Vulnerability Found in Alexa App, What Should You Do?","breadcrumb":{"@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/#primaryimage","url":"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1.jpg","contentUrl":"https:\/\/www.psafe.com\/en\/blog\/wp-content\/uploads\/2017\/04\/run-security-scan-1.jpg","width":353,"height":79},{"@type":"BreadcrumbList","@id":"https:\/\/www.psafe.com\/en\/blog\/vulnerability-found-alexa-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"In\u00edcio","item":"https:\/\/www.psafe.com\/en\/blog\/"},{"@type":"ListItem","position":2,"name":"Vulnerability Found in Alexa App, What Should You Do?"}]},{"@type":"WebSite","@id":"https:\/\/www.psafe.com\/en\/blog\/#website","url":"https:\/\/www.psafe.com\/en\/blog\/","name":"PSafe Blog","description":"Articles and news about Mobile Security, Android, Apps, Social Media and Technology in general.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.psafe.com\/en\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.psafe.com\/en\/blog\/#\/schema\/person\/1c3c9cd7f8f7ff5b8e8071d39226b99d","name":"PSafe Newsroom","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0ce470a17403045075d8cd48a742ebd97c085f6d510cfd605fb223ba3fad770b?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0ce470a17403045075d8cd48a742ebd97c085f6d510cfd605fb223ba3fad770b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0ce470a17403045075d8cd48a742ebd97c085f6d510cfd605fb223ba3fad770b?s=96&d=mm&r=g","caption":"PSafe Newsroom"},"description":"The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.","url":"https:\/\/www.psafe.com\/en\/blog\/author\/newsroom-psafe\/"}]}},"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/12638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=12638"}],"version-history":[{"count":0,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/12638\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=12638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=12638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=12638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}