KRACK (Key Reinstallation Attacks) is the type of attack that threatens the security of some Amazon devices, as discovered by the ESET Smart Home team of researchers. It exploits vulnerabilities related to WiFi networks, allowing attackers to insert themselves into the communication between server and client and modify the cryptographic key used for data protection.
KRACK: Amazon Echo and Kindle under attack
The problem was first brought to light in October 2017 and, according to what has been revealed today, directly affects the first generation of Alexa-based Echo products and the eighth generation of the Kindle eBook reader line. Some of these would still be exposed to the risk of the device being used for DoS attacks. There are also dangers for privacy, because specific methods make it possible to decipher the transmitted information, including sensitive data, session cookies and passwords.
The ESET team says it reported the situation to Amazon on October 23, 2018; the company then announced on January 8, 2019 that it had solved the problems by preparing a fix and planning the distribution of a software update.
To correct the vulnerabilities in the several million devices involved, Amazon has released and distributed a new version of wpa_supplicant, the software application on the client device responsible for properly authenticating to WiFi networks.
It should be noted that the attacks cannot occur unless the attacker is near the WiFi network to be compromised: the violation can take place only if attacker and victim are within range of the same network. Furthermore, it should be emphasized that, fortunately, the use of protection measures beyond WPA/WPA2 encryption alone (for example HTTPS and TLS) usually renders any intercepted data unusable. In any case, the advice is to check via Amazon's official application that the latest firmware version is installed on the devices you own.