Smart home devices have been at the center of a lot of controversy surrounding consumer privacy. The always-listening Amazon Alexa and Google Home smart assistants have recorded conversations they were never meant to hear, while Nest security cameras have been the target of hackers that used them to harass homeowners. As the manufacturers scramble to ensure privacy guidelines are met, more vulnerabilities seem to crop up from every angle.
Now the first-generation Amazon Echo and the eighth-generation Amazon Kindle are vulnerable to two separate Krack (key reinstallation attack) exploits — a weakness that enables hackers to access the device over Wi-Fi. It can grant a bad actor the ability to view and control traffic across a standard WPA2 network.
According to Forbes, Amazon the vulnerabilities were patched as soon as they were discovered, citing the importance of customer trust in the company.
It’s important to note that any type of cyberattack against Wi-Fi networks are hard to pull off. The attacker has to be nearby to perform them, and the average person isn’t likely to be the target of something like this. This particular type of attack was only discovered in 2017 by a pair of security researchers named Mathy Vanhoef and Frank Piessens. Their paper on the Krack attack outlines the attack, how it can be used, and much more. It’s worth a read for anyone interested in cybersecurity.
Amazon has made many strides in recent months to improve the security of its devices. In May, Senator Chris Coons (D-Delaware) began questioning Jeff Bezos about Amazon recording practices. Since that time, Amazon has introduced the ability to delete voice recordings, opt-out of human review on any recordings that are kept, and added the “tell me what you heard” command. This command forces Alexa to explain why she performed a specific action and lends transparency to how the device listens and translates what it hears.
The give and take between consumer privacy and always-listening devices is a tightrope walk, but the hope is that as more users become aware and concerned about potential privacy violations, companies will take the steps necessary to keep your life private.