KRACK, the attack that hits Amazon Echo and Kindle

Is called KRACK (Key Reinstallation Attacks) the type of attack that threatens the security of some devices Amazon discovered by the ESET Smart Home team of researchers. Some vulnerabilities related to WiFi networks are exploited, allowing attackers to slip in communication between server and client, modifying the cryptographic key used for data protection.

KRACK: Amazon Echo and Kindle under attack

A problem first brought to light in October 2017 and which according to what has been revealed today directly affects the first generation of Echo products based on Alexa and the eighth of the eBook reader line Kindle. A part of these would still be exposed to the risk of seeing the device used for DoS attacks. Dangers also for privacy because through specific methods it is possible to decipher the information transmitted, including sensitive data, session cookies and passwords.

Amazon Echo and Kindle devices affected by the vulnerability

The team of ESET claims to have made known the situation to Amazon on October 23, 2018, with the company which then on 8 January 2019 announced that it had solved the problems by making a solution and planning the distribution of a software update.

To correct the vulnerabilities in several million devices involved, Amazon has released and distributed a new version of wpa_supplicant, a software application on the client device responsible for properly authenticating WiFi networks.

It is good to specify that attacks they cannot occur unless they are near the WIFI network to be compromised. The violation can take place only and exclusively if the attacker and victim are within the range of the same network. Furthermore, it should be emphasized that, fortunately, the use of additional protection measures solely for WPA / WPA2 encryption (for example HTTPS and TLS) usually renders any data intercepted unusable. The advice is in any case to ascertain via Amazon's official application that the latest firmware version is installed on the devices owned.

READ  Record quarterly Amazon: Bezos e-commerce flies

Facebook Comments

Michael

My name is Michael, I’m professional software developer and blogger, made this website to share my knowledge about everything what you see here 🙂 haha hope you will like that, and do not forget to follow me on my twitter.

You may also like...