We don’t always hear about Amazon’s Alexa getting hacked but there are certainly problems concerning privacy and security. It’s not exactly the most secure and private but some of you may agree it’s been very useful. It’s a close rival of the Google Assistant and we expect both assistants will expand further in the coming years to more devices, platforms, and places. For Alexa, there will be more than 200 million devices sold all over the world before 2020 is over.
That’s only an estimate but it’s highly possible. The AI-based virtual assistant by Amazon can do a lot of things like voice interaction, set alarms, enable other tasks, play music, and other kinds of automation for the home.
Alexa has a lot of “skills”. Amazon has allowed third-party to come up with skills as part of the integration. These skills could sometime present as apps which means they are not totally private and secure according to Check Point Research.
Some Alexa sub-domains are said to be vulnerable to Cross Site Scripting and Cross-Origin Resource Sharing (CORS) misconfiguration. Such vulnerabilities mean some skills or apps can be installed on an Alexa account. Installed skills can also be identified or silently removed. A victim’s personal information and voice history with Alexa can also be obtained by an attacker.
All these discoveries of vulnerabilities have been reported to Amazon back in June. Good news: Amazon has already fixed the issues. If you use Alexa, don’t worry about the problems we mentioned happening. Alexa should be safe, private, and secure now–until the next hack.