Amazon Echo and Kindle devices harbour WiFi bug, patch issued

News by Chandu Gopalakrishnan

Amazon Echo 1st generation and Amazon Kindle 8th generation devices harbour an old WiFi vulnerability enabling man-in-the-middle attacks

Amazon Echo first generation and Amazon Kindle eighth generation devices harboured an old WiFi vulnerability that allows an attacker to execute a man-in-the-middle attack on a WPA2-protected network, ESET researchers found.

These Key Reinstallation Attack (KRACK) vulnerabilities were reported to – and subsequently patched by – Amazon’s security team, said the ESET report.

The KRACK vulnerabilities were discovered by Belgian researchers Mathy Vanhoef and Frank Piessens in 2017.  

KRACK attacks were mostly aimed against the four-way handshake – a mechanism used for two purposes: confirming that both the client and access point possess the correct credentials, and negotiation of the key used for encryption of the traffic, said their research paper.

"Vanhoef’s team found that an adversary could trick a victim device into reinitialising the pair-wise key used in the current session (this is not the Wi-Fi password) by crafting and replaying cryptographic handshake messages," said the ESET report.

This flaw allowed attackers to gradually reconstruct the encryption XOR stream and then track the victim’s network traffic.

"Amazon home assistant was also susceptible to yet another network vulnerability, unrelated to KRACK: a broadcast replay attack – a network attack in which a valid broadcast transmission is fraudulently repeated and then accepted by the targeted device," said the ESET report.

An adversary can abuse this low-tier attack to launch a denial of service (DoS) attack, or to collect packets for future cryptanalysis or a brute-force attack.

"WiFi sniffing, interception and hijacking are nothing new, but this latest development may have more implications than simply snooping on your Kindle reading habits. Keep in mind that businesses have commercial relationships in place with AWS and your Amazon identity is often linked to your home, your bank accounts and credit cards," said Cybereason chief security officer Sam Curry. 

"It's a good idea for Amazon to think carefully about all of its common components and this usage sooner rather than later," he added.

"There's no stopping users from connecting from public WiFi hotspots, so it's up to the enterprise to layer on protection mechanisms. This vulnerability speaks to the importance of ensuring that all connections from endpoints leverage strong encryption, such as the latest versions of TLS," said Bitglass CMO Rich Campagna.

A patch was pushed out to affected devices at the beginning of the year.

"To check if the patch has been successfully installed on your Echo, you can ask Alexa to ‘check for software updates’. In doing so, Alexa will check whether your device has the latest software updates installed," said Boris Cipot, senior security engineer at Synopsys.

The same process applies for Kindle, where the user can go to ‘Settings’ and click on the menu button to open device information. 

"You should have the latest version (5.12.1) installed on your device. If not, you should install this specific version immediately to ensure your device isn’t susceptible to KRACK or other potential vulnerabilities that have been resolved with this update," Cipot said.

"Intermediary proxies can ensure that regardless of what the application supports, all connections from end user devices leverage strong encryption," said Campagna.

"Always make sure your devices are up to date with the most recent software version, and never install non-Amazon firmware updates on these devices," Cipot added.
