Wi-Fi vulnerability affects Amazon Echo and Kindle
Specifically, this problem affects the first generation of Amazon Echo and the eighth generation of Amazon Kindle. They are susceptible to an old vulnerability that many readers will remember: KRACK. Yes, the one that allowed an attacker to break the protection of a Wi-Fi network encrypted with WPA-2.
This vulnerability could allow an attacker steal the packages sent by the victim through these devices. It could decipher the confidential information they carry.
The bug has been discovered by a group of security researchers from ESET Smart Home. As we have mentioned, they discovered that the first generation Amazon Echo devices and the second generation Amazon Kindle devices continue to be affected by the KRACK vulnerability.
To reach this conclusion they have carried out a series of tests. From ESET they discovered that both devices are vulnerable to CVE-2017-13077 and CVE-2017-13078. They state that by using the Vanhoef scripts, they were able to replicate the reinstallation of the peer encryption key (PTK-TK) on the CVE-2017-13077 four-way handshake and the reinstallation of the group key (GTK) on the CVE-2017-13078 four-way handshake.
How can this affect users? From ESET they indicate that an attacker could perform DoS attacks and disrupt network communication or attack to decrypt any data or information transmitted by the victim. It could also intercept confidential information, steal passwords or session cookies.
Security update available
Luckily users of these devices who have the latest updates and patches will not have problems. However, the reality is that many users do not update these computers. It is something that affects many IoT devices and other secondary computers that have access to the network.
For those who have a first-generation Amazon Echo or an eighth-generation Amazon Kindle, from RedesZone we recommend that update to the latest version as soon as possible. In this way they will be protected from this type of problem that can put privacy and security at risk.
As we always say, it is very important that our devices are always up to date. In this way we can deal with these types of vulnerabilities that can be exploited by hackers to carry out their attacks. Normally, it is the manufacturers themselves who launch patches and security updates that we must install regardless of the type of device or operating system that we are using. Safety is a factor that must be taken care of so as not to compromise the proper functioning of our equipment.