Vulnerability Found in Alexa App, What Should You Do?
Amazon’s Alexa can make your life a whole lot easier. Alexa can also make life a whole lot less safe thanks to this vulnerability.
Amazon’s Alexa is an incredibly helpful, albeit slightly limited, personal assistant. It can play music, read audiobooks, host a trivia night, set a timer, order pizza, and perform a number of other useful tasks. One more thing Alexa can do? Alexa can allow anyone with your Amazon credentials access to your account’s calling and messaging capabilities. To ensure that this vulnerability, and other similar ones, aren’t allowing hackers to introduce malware onto your Android, be sure to run a Security Scan. This scan will quickly verify that your phone is free of any security breaches:
Read More: Phishing Attacks Can Be Stealthier Than You Think
If your Amazon Echo account does not have two-factor authentication enabled, anyone with access to your Amazon credentials will be able to make Alexa calls and messages as another account, receive Alexa calls and messages sent to another account, and sync your Alexa account’s contacts with their device. For those who own the brand new Amazon Echo Show, which allows users to virtually “drop in” on trusted contacts’ houses, the dangers this breach poses are even more significant.
Safety Tips
To ensure that this security hole doesn’t result in the loss of sensitive data, all users need to do is turn on two-factor authentication. This can be done by logging in to your Amazon homepage and clicking the “Login and Security” button. From there, click the edit button on “Advanced Security Settings” and then “Get Started.” From there, Amazon will allow you to register your phone number or a preferred authenticator app which can be synced through a QR code.
In fact, relying on 2FA is a smart move for all accounts. This is an easy way to add an extra measure of security of all login sequences. Two-factor authentication can rely on three different types of authentication, including something a user knows (such as a PIN or a password), something a user owns (such as a smartphone), and something to identify a user (such as a fingerprint or retina scan). As the password is often the weakest link in account security, creating a backup mode of authentication is a smart idea in any case.