Researchers have recently discovered a security vulnerability targeting Amazon Kindle and Echo devices. The KRACK WiFi vulnerability discovered back in 2017 still affects these Amazon devices.
KRACK Vulnerability Threatens Amazon Kindle And Echo
Security researchers from the ESET Smart Home Research Team have recently highlighted a vulnerability targeting Amazon Kindle and Echo devices. They have found these devices exposed to KRACK (Key Reinstallation Attack) vulnerabilities. The researchers have described their findings in detail in a blog post.
In summary, team ESET tested numerous Amazon devices for their vulnerability to KRACK attacks. They disovered the Amazon Kindle 8th generation and Amazon Echo 1st generation to possess these flaws. They could even replicate the attack using the original script from the researchers who first reported KRACK.
Specifically, KRACK vulnerabilities affected the security of data transmitted over WiFi. These vulnerabilities allowed interception from data packets, access information by decrypting the data, and execute DoS attacks.
KRACK primarily affected old devices. It therefore required vendors to release new firmware for the susceptible hardware. While most vendors patched the flaw, these Amazon devices listed above still remained open to KRACK attacks.
Amazon Released The Patches
Upon discovering the bugs, the researchers quickly brought the matter to the attention of Amazon. The researchers found the bugs last year and reported them to Amazon on October 23, 2018. The vendors, in turn, confirmed the replication of attacks and preparation of patches to the researchers on January 8, 2019.
To fix the flaws, Amazon released an updated version of wpa_supplicant, the app that manages the device authentication while connecting to WiFi networks.
Although, the vulnerabilities do not seem so serious, one must consider the huge number of Amazon Echo and Kindle devices already in homes (in the millions), these bugs may have a vast impact. Therefore, researchers urge users to ensure that their respective Amazon devices are running the latest patched firmware.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Largest Hacking Campaign Since 2015 Targeted Magento Stores Via Unpatched Bug - September 16, 2020
- Ransomware Attack Targets Equinix Data Center Provider - September 16, 2020
- Raccoon Attack Aims At Breaking TLS Encryption – Though Attack Is ‘Rare’ - September 16, 2020