Page Loader
Browser bug exploited to hack Amazon Alexa: Details here

Browser bug exploited to hack Amazon Alexa: Details here

Nov 10, 2019
12:35 pm

What's the story

When it comes to smart assistants, Amazon's Alexa is one of the undisputed winners. The digital helper packs a lot of capabilities, but over the last few weeks, we've also been witnessing several exploits/hacks associated with it. Now, in another similar case, a group of researchers has shown that Alexa can be hacked using a simple browser bug. Here's all about it.

Hack

Two researchers compromised Alexa at Pwn2Own, won $60,000

At this year's Pwn2Own hackathon, a couple of researchers, Amat Cama and Richard Zhu, demonstrated a range of exploits and bagged the top prize of $60,000. One of their exploits - integer overflow hack - tied to Alexa and highlighted how the smart assistant on the latest Amazon smart-display, Echo Show 5, can be compromised with the help of a browser and malicious Wi-Fi.

Attack

Older version of Chromium exploited for the attack

While demonstrating the attack, the researchers claimed that the device in question comes with an older version of Chromium, Google's open-source browser projects. They said, this version had been forked during development, which essentially allows them to use a malicious Wi-Fi hotspot as a way to trigger an integer overflow and take full control of the device.

Details

What happens with integer overflow?

As TechCrunch explains, an integer overflow occurs when an IoT device performs a mathematical operation and tries to produce a number but overflows that number outside of the allocated memory owing to the lack of space. This overflow, according to the researchers, results in security implications, giving an opportunity to take full control of the device.

Amazon's response

Amazon is now investigating the matter

After the hack was demonstrated, Amazon responded on the matter, claiming that it is conducting an internal investigation into the exploit shown by the researchers. The company added that it "will be taking appropriate steps to protect our devices based on our investigation," but didn't specify what will be these steps or when they will be taken.

Information

Previously reported Alexa hacks

The report of this hack comes just a few days after a group of researchers demonstrated a way to hack Alexa by the way of lasers, while another showed how compromised Skills can be used to turn the assistant into a spy.