A team of university researchers found multiple privacy and security issues in Amazon’s Alexa skill vetting process that could lead to threat actors stealing data and launching phishing attacks. The security-threat claim, however, has been dismissed by Amazon.
The researchers from North Carolina State University, the Ruhr-University Bochum, and Google, in their research paper, said, “While skills expand Alexa’s capabilities and functionalities, it also creates new security and privacy risks. We identify several gaps in the current ecosystem that can be exploited by an adversary to launch further attacks, including registration of arbitrary developer name, bypassing of permission APIs, and making backend code changes after approval to trigger dormant intents.”
To Read More: ThreatPost