Authorization

A browser bug was enough to hack an Amazon Echo

Two security researchers have been crowned the top hackers in this year’s Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo.
Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo Show 5, an Alexa-powered smart display.
The researchers found that the device uses an older version of Chromium, Google’s open-source browser projects, which had been forked some time during its development. The bug allowed them to take “full control” of the device if connected to a malicious Wi-Fi hotspot, said Brian Gorenc, director of Trend Micro’s Zero Day Initiative, which put on the Pwn2Own contest.
The researchers tested their exploits in a radio-frequency shielding enclosure to prevent any outside interference.
“This patch gap was a common factor in many of the IoT devices compromised during the contest,” Gorenc told TechCrunch.
A browser bug was enough to hack an Amazon Echo
Amat Cama (left) and Richard Zhu (right), who make up Team Fluoroacetate. (Image: ZDI)
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«    Ноябрь 2019    »
ПнВтСрЧтПтСбВс
 123
45678910
11121314151617
18192021222324
252627282930