![]() ![]() However, the script used could be bypassed using the Frida SSL universal unpinning script. ![]() When Check Point first began examining the Alexa mobile app, the company noticed the existence of an SSL mechanism that prevents traffic inspection. The smart assistant, which is found in devices such as the Amazon Echo and Echo Dot - with over 200 million shipments worldwide - was vulnerable to attackers seeking user personally identifiable information (PII) and voice recordings.Ĭheck Point Research said on Thursday that the security issues were caused by Amazon Alexa subdomains susceptible to Cross-Origin Resource Sharing (CORS) misconfiguration and cross-site scripting (XSS) attacks. Subdomains belonging to the service were found to be harboring CORS errors and vulnerable to XSS attacks.Īmazon's Alexa voice assistant could be exploited to hand over user data due to security vulnerabilities in the service's subdomains.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |