Tag Archive for: Alexa
Hey Alexa Go Hack Yourself: Researchers Detail Wild Self-Issued Smart Speaker Hijacks
Did you ever get an Amazon delivery and not remember placing an order for the item? There are plenty of stories of this all over the internet, and sometimes those boil down to one too many cocktails in your attitude adjustment hour. What if we told you that maybe one of those times it wasn’t related to brain fog or blackouts, but some random person decided to order something for you through your own Amazon Echo device?
That’s what researchers from the University of London’s Royal Holloway, and Catania University in Italy discovered is entirely possible. Through a few different methods of either social engineering or just being nearby an Echo device, Alex can be activated and used fairly easily. Tested on the third generation of the Echo Dot, though believed to be exploitable via fourth gen devices as well, the researchers found that playing audio files with the right wake words will activate the Alexa Voice-enabled device it is playing from. Dubbed “Alexa Versus Alexa” by the researchers, the exploit can be used to order products, make modifications to settings, install skills, and a whole host of other functionality that the Echo device product line allows Amazon Echo Dot owners to take advantage of.
An social engineering exploit example would be having someone activate an internet radio station that intentionally utilizes common activation terms. So pre-existing skills, like Echo’s Music and Radio skill, may play one of these stations that then let that device activate itself. Part of the reason this can be a really big problem is that Amazon’s Echo devices typically only validate account activity and actions during the initial setup of the device. Skill installation is a big deal for this because these are small apps that run directly on the device, and with the right malicious code they can potentially be a security threat. That creates a situation where once the vulnerability is activated, the attacker can issue any command that is at the disposal of the Echo device.
Amazon has issued a patch (check your software version here), which you can force by asking the device to ‘check for updates’. However, the issue remains if the attacker is in…
State of the Word, Gravatar Breaches, Log4J, Alexa Retires, Lawsuits, and More 🗞️ January 2022 WordPress News w/ CodeinWP
Publishers sue Google and Facebook over ad revenue
In a newly consolidated antitrust lawsuit, more than 30 companies that collectively own 200+ local newspapers are suing Google and Facebook, alleging that the two companies manipulated the digital ad market and caused local publishers to lose money.
The goal of the lawsuit is “to recover past damages to newspapers,” as Axios reports.
As part of the lawsuit, the companies allege that Google and Facebook colluded to maximize Google and Facebook’s take-home of advertising revenue (at the expense of local publishers).
This comes on the backs of another lawsuit from publishers with respect to Google AMP, which we got an unredacted look at in October 2021.
If you’ve been building websites for a while now, you probably remember the massive push to adopt Google’s AMP framework around 2016.
AMP content was supposed to load faster on mobile, thanks to a stripped-down code base and caching on Google’s servers.
Google also gave AMP content special placement in the mobile SERPs, as your site needed to be using AMP to show up in the “Stories” section. Side note – this is no longer the case, in part because of what I’ll discuss below.
Because of this push, a lot of publishers did adopt AMP…and now they also aren’t happy with Google, in large part because of details such as Google’s knowledge that publishers using AMP were getting ~40% less revenue and that AMP might not have actually made things faster (and that Google might have actively throttled non-AMP content).
Put these cases together and you can definitely notice a trend of publishers pushing back against large tech corporations. This is especially true of local media publishers, who are in tough straights with the shift to the digital economy.
Are these the last gasps of a slowly dying industry or will we see meaningful reforms over how large tech companies interact with media publishers? Well, I guess we’ll find out when we see how the lawsuits go.