Wi-Fi Bug in Amazon Echo and Kindle Devices Assist Attackers in Stealing Sensitive Data
There is no denying the fact that Amazon Echo and Kindle devices are extremely popular and are utilized by a large number of users around the world. The news, therefore, comes as a huge shock to those millions of users that some researchers from ESET Smart Home saw that Amazon Echo and Kindle Echo are vulnerable against KRACK attacks.
The KRACK attacks, discovered and published by two Belgian researchers in October 2017 are based on the weaknesses in the WPA2 protocol utilized in modern-day Wi-Fi devices.
The weakness is said to have been exploited by the attackers utilizing key reinstallation attacks if the victim resides within the system and the successful exploitation of the attack enables attackers to steal sensitive details, for example, credit numbers, passwords, chat messages emails, photos, etc.
Researchers tried the first generation of the Amazon Echo devices with original Amazon Alexa as well as the eighth generation of Amazon Kindle and concluded that they are vulnerable against two KRACK vulnerabilities.
With KRACK scripts, ESET researchers ready to “replicate the reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake (CVE-2017-13077) and reinstallation of the group key (GTK) in the four-way handshake (CVE-2017-13078).”
As per the ESET team, the vulnerabilities enable the attackers to
Replay old packets to cause a DOS attack or interferences.
- Unscramble the data transmitted.
- Attackers can likewise forge packets.
- It can even steal sensitive details, like passwords or session cookies.
Nonetheless, Amazon has acknowledged the issue as soon as the vulnerabilities were accounted for to it on October 23rd, 2018 and to do that Amazon distributed another version of software application wpa_supplicant that is responsible for the correct authentication to the Wi-Fi network.