A team of researchers has revealed a potentially dangerous vulnerability in Amazon’s Alexa virtual assistant.
Skill-squatting, according to Ars Technica, is when a developer creates a similar sounding command to popular Alexa commands — called “skills” by Amazon — so that users who ask the assistant, for example, for “cat facts” may instead get the developer-created “cat fax,” which could turn out to be a malicious application.
“Developers are already giving their applications names that are similar to those of popular applications. Some of these — such as ‘Fish Facts’ (a skill that returns random facts about fish, the aquatic vertebrates) and ‘Phish Facts’ (a skill that returns facts about the Vermont-based jam band) — are accidental, but others such as ‘Cat Fax’ (which mimics ‘Cat Facts’) are obviously intentional,” Ars Technica reported. “Thanks to the way Alexa handles requests for new ‘skills’ — the cloud applications that register with Amazon — it’s possible to create malicious skills that are named with homophones for existing legitimate applications… This sort of thing offers all kinds of potential for malicious developers.”
To compare this “skill-squatting” of the Alexa system with normal Internet use, it is similar to mistyping a web address which takes the user to a fake version of the site that they attempted to visit, a fake site which may be malicious.
More
To put an internet connected device in your home that is constantly listening to every word spoken in the household is insane to me. My smart TV isn't given the password to my wi fi either. The mike and camera on my computer are taped over.
ReplyDeleteI don't connect to the "cloud", either.
Great post. Definitely this one of the informative and useful post to me. Thanks much for sharing. If you want to boost your product then hire our virtual assistant which help to grow your business.
ReplyDeletehttps://www.amz-doc.com