728 x 90

Older Amazon Echo and Kindle devices vulnerable to KRACK WiFi security flaw

Older Amazon Echo and Kindle devices vulnerable to KRACK WiFi security flaw

Tens of millions of Amazon Echo and Kindle devices have been sold in the US alone First-generation Amazon Echo devices and older Kindle e-readers are vulnerable to a WiFi security vulnerability from 2017, with users urged to update and patch their devices as soon as possible.  The KRACK WiFi vulnerability was first disclosed in 2017 was

Older Amazon Echo and Kindle devices vulnerable to KRACK WiFi security flaw

Tens of millions of Amazon Echo and Kindle devices have been sold in the US alone

First-generation Amazon Echo devices and older Kindle e-readers are vulnerable to a WiFi security vulnerability from 2017, with users urged to update and patch their devices as soon as possible. 

The KRACK WiFi vulnerability was first disclosed in 2017 was impacting millions of older Amazon devices in 2018, according to ESET Smart Home Research Team.

The bug was eventually patched by Amazon earlier this year, after ESET researchers informed the company about it in October 2018.

Dubbed KRACK (Key Reinstallation Attack), this vulnerability was discovered by two Belgian security researchers, Frank Piessens and Mathy Vanhoef, in October 2017. It existed in the four-way handshake of the WPA2 protocol, which secured almost all modern Wi-Fi networks at that time.

The researchers found that the bug enabled malicious actors to decrypt information being sent in plain text over WiFi networks.

According to the researchers, KRACK could allow hackers to carry out attacks against devices on a WPA2 protected network.

Last year, ESET researchers carried out some tests to evaluate the security of older Kindle and Echo devices and found that Amazon Echo (first-gen) and Amazon Kindle (eighth-gen) devices were still vulnerable to two KRACK vulnerabilities: CVE-2017-13078 and CVE-2017-13077.

The vulnerabilities allowed attackers to intercept sensitive details such as session cookies or passwords; forge or inject data packet; disrupt network communication; and much more.

Since tens of millions of Amazon Echo and Kindle devices have been sold in the US alone, this posed an extensive security risk.

ESET disclosed those vulnerabilities to Amazon on 23rd October 2018. The company told ESET that it would examine those bugs and come up with patches, if required.

On 8th January 2019, Amazon informed ESET that a patch for the vulnerabilities was ready and that the company would push it to vulnerable devices in the coming weeks.

The patch came in the form of a small programme, wpa_supplicant, which was responsible for authentication to the Wi-Fi network.

While most users of Amazon Echo and Amazon Kindle devices should have the latest firmware installed on their devices, ESET advises users to recheck their Echo and Kindle settings and ensure that they are definitely using the latest firmware for their devices.

Further reading

[ad_2]

Source link

Susan E. Lopez
ADMINISTRATOR
PROFILE

Posts Carousel

Leave a Comment

Your email address will not be published. Required fields are marked with *

Latest Posts

Top Authors

Most Commented

Featured Videos