It also includes the Kindle.
ESET has just detailed a report where it has discovered that the popular smart speaker Amazon Echo was prone to a number of the ten Key Reinstallation Attack (KRACK) vulnerabilities that also included one generation of the company’s Kindle e-reader. Don’t worry though, since the vulnerability was discovered in 2017 and was already reported to Amazon who has patched it immediately.
Two Belgian researchers, Mathy Vanhoef and Frank Piessens, were the ones who found a serious problem with the WPA2 standard. WPA2 is one of the popular security methods used by most, if not all, wireless networks at home and in offices.
The vulnerability was named the ‘KRACK’ attack which happens during a four-way handshake. ESET explains this as a process that serves two purposes: “confirming that both the client and access point possess the correct credentials, and negotiation of the key used for encryption of the traffic.” They also said that even until now may devices using Wi-Fi are still vulnerable to KRACK.
“In recent years, hundreds of millions of homes have become smarter and internet-enabled via one of the many popular home assistant devices available on the market. Despite the efforts of some vendors to develop these devices with security in mind, these often remain vulnerable,” says ESET researcher Miloš Čermák. “We identified multiple flaws in at least three Amazon devices, which could have posed a far-reaching security risk due to the numbers in which they have been sold,” explains Čermák.
As for the case of the Amazon devices, it was revealed that the 1st-generation Echo and 8th-generation Kindle were the affected devices. Simply put, if Amazon hasn’t patched the devices, hackers will be able to hijack sensitive information like passwords from each user.
“It should be noted that KRACK attacks – similar to any other attack against Wi-Fi networks – require close proximity to be effective,” adds Miloš Čermák.
All of these smart devices are cool to own, but always make sure they’re updated so any problems, whether it’s on the software or its a security issue, could be prevented.