Browser bug exploited to hack Amazon Alexa: Details here
What's the story
When it comes to smart assistants, Amazon's Alexa is one of the undisputed winners. The digital helper packs a lot of capabilities, but over the last few weeks, we've also been witnessing several exploits/hacks associated with it. Now, in another similar case, a group of researchers has shown that Alexa can be hacked using a simple browser bug. Here's all about it.
Hack
Two researchers compromised Alexa at Pwn2Own, won $60,000
At this year's Pwn2Own hackathon, a couple of researchers, Amat Cama and Richard Zhu, demonstrated a range of exploits and bagged the top prize of $60,000. One of their exploits - integer overflow hack - tied to Alexa and highlighted how the smart assistant on the latest Amazon smart-display, Echo Show 5, can be compromised with the help of a browser and malicious Wi-Fi.
Attack
Older version of Chromium exploited for the attack
While demonstrating the attack, the researchers claimed that the device in question comes with an older version of Chromium, Google's open-source browser projects. They said, this version had been forked during development, which essentially allows them to use a malicious Wi-Fi hotspot as a way to trigger an integer overflow and take full control of the device.
Details
What happens with integer overflow?
As TechCrunch explains, an integer overflow occurs when an IoT device performs a mathematical operation and tries to produce a number but overflows that number outside of the allocated memory owing to the lack of space. This overflow, according to the researchers, results in security implications, giving an opportunity to take full control of the device.
Amazon's response
Amazon is now investigating the matter
After the hack was demonstrated, Amazon responded on the matter, claiming that it is conducting an internal investigation into the exploit shown by the researchers. The company added that it "will be taking appropriate steps to protect our devices based on our investigation," but didn't specify what will be these steps or when they will be taken.
Information
Previously reported Alexa hacks
The report of this hack comes just a few days after a group of researchers demonstrated a way to hack Alexa by the way of lasers, while another showed how compromised Skills can be used to turn the assistant into a spy.