This Popular Device Could Be Putting Your Family at Risk, Study Finds
Many people use this item in their home, but it may harbor huge security flaws.
Your home should be a safe spot for you and your family. Over the years, however, you've likely accumulated more and more technology within your household to make things run smoothly, and not everything you bring into your home is keeping you protected. In fact, a new study has found that one popular device you might have at home could be putting your family at risk. Keep reading to find out about this major security problem, and for more potential dangers at home, If You're Using This to Relax, the FDA Says Stop Immediately.
A study says that Alexa majorly runs on third-party programs.
A study published March 4 from North Carolina State University says that Amazon uses third-party programs, called "skills," for Alexa to allow people to do many different things, from listening to music to ordering groceries. There are more than 100,000 skills users can choose from, the majority of which are created by third-party developers. Unfortunately, these third-party skills introduce multiple issues that could put a user's safety at risk.
"When people use Alexa to play games or seek information, they often think they're interacting only with Amazon," Anupam Das, co-author of the paper and an assistant professor of computer science at North Carolina State University, explained in a statement. "But a lot of the applications they are interacting with were created by third parties, and we've identified several flaws in the current vetting process that could allow those third parties to gain access to users' personal or private information." And for more on daily peril, This Is the Most Dangerous State in America.
The researchers found several security flaws within these third-party programs.
The researchers used an automated program to collect and review more than 90,000 skills from seven different skill stores. In the study, they found that skill stores display the name of the developer who created them, but Amazon doesn't vet this. In other words, anyone could claim to be a trustworthy developer and then engage in phishing attacks. The researchers in the study were able to successfully register skills under developer names such as "Microsoft," "Samsung," "Ring," and "Withings," even though they had no association with these companies.
The researchers also found that Amazon allows multiple skills to be activated by the same requested phrase. "This is problematic because if you think you are activating one skill, but are actually activating another, this creates the risk that you will share information with a developer that you did not intend to share information with," Das said. "For example, some skills require linking to a third-party account, such as an email, banking, or social media account. This could pose a significant privacy or security risk to users." And for more up-to-date information, sign up for our daily newsletter.
According to the study, the privacy protections Amazon currently has are inadequate.
The researchers say there are ways Amazon can make Alexa safer for users.