Category: Personal Security

Researchers Find Amazon Alexa Can Be Hacked to Record Users

From “Researchers Find Amazon Alexa Can Be Hacked to Record Users”
eWeek (04/25/18) Kerner, Sean Michael. Posted by ASIS.

The security firm Checkmarx on April 25 disclosed it has found that a malicious developer can trick Amazon’s Alexa voice assistant technology to record everything a user says. It is currently unclear if any hackers have ever exploited the flaw, which is not in the Amazon Echo hardware, but rather is an abuse of functionality in the Alexa Skills feature set. Developers can extend Alexa’s technology by building skills that provide new functionality for end users. Checkmarx found that there were several unbounded parameters that were available to Alexa skills developers that could have enabled a malicious developer to record and even transcribe what a user says, even after the user had finished communicating with the device. “Customer trust is important to us, and we take security and privacy seriously,” an Amazon spokesperson stated. “We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do.” The Checkmarx research found that an attacker could manipulate an Alexa Skill, which can be installed by unsuspecting users and doesn’t require any physical access or tampering with the Amazon Echo smart speaker. “The problem is that the attack we described leaves no trace, so a naïve user will not be able to know,” said Erez Yalon, manager of application security research at Checkmarx. “It makes sense that with the info they have now, Amazon can check if the Amazon Store hosts any malicious Alexa Skills.”

State Department Issues Europe Travel Alert Over ISIS Terror Threat

LAST UPDATED: MAY 1, 2017

The Department of State alerts U.S. citizens to the continued threat of terrorist attacks throughout Europe.  This Travel Alert expires on September 1, 2017.

Recent, widely-reported incidents in France, Russia, Sweden, and the United Kingdom demonstrate that the Islamic State of Iraq and ash-Sham (ISIS or Da’esh), al-Qa’ida, and their affiliates have the ability to plan and execute terrorist attacks in Europe.  While local governments continue counterterrorism operations, the Department nevertheless remains concerned about the potential for future terrorist attacks.  U.S. citizens should always be alert to the possibility that terrorist sympathizers or self-radicalized extremists may conduct attacks with little or no warning.

Extremists continue to focus on tourist locations, transportation hubs, markets/shopping malls, and local government facilities as viable targets.  In addition, hotels, clubs, restaurants, places of worship, parks, high-profile events, educational institutions, airports, and other soft targets remain priority locations for possible attacks.  U.S. citizens should exercise additional vigilance in these and similar locations, in particular during the upcoming summer travel season when large crowds may be common.

Terrorists persist in employing a variety of tactics, including firearms, explosives, using vehicles as ramming devices, and sharp-edged weapons that are difficult to detect prior to an attack.

If you are traveling between countries in Europe, please check the website of the U.S. embassy or consulate in your destination city for any recent security messages.  Review security information from local officials, who are responsible for the safety and security of all visitors to their host country.  U.S. citizens should also:

  • Follow the instructions of local authorities.  Monitor media and local information sources and factor updated information into personal travel plans and activities.
  • Be prepared for additional security screening and unexpected disruptions.
  • Stay in touch with your family members and ensure they know how to reach you in the event of an emergency.
  • Have an emergency plan of action ready.
  • Register in our Smart Traveler Enrollment Program (STEP).

We continue to work closely with our European partners and allies on the threat from international terrorism.  Information is routinely shared between the United States and our key partners to disrupt terrorist plotting, identify and take action against potential operatives, and strengthen our defenses against potential threats.

For further information:

Students traveling should see:  https://travel.state.gov/content/studentsabroad/en.html

Can You Hear Me? Just Say “NO!” (Or Hang Up)

Reports have surfaced about a new scam using a familiar line.  Scammers call, identify themselves by name and company and during the momentary pause that follows, the scammer says, “Can you hear me?”  Of course we all respond, “yes,” and then we hang up or say we’re not interested or let loose a string of expletives.  You get my point.  But no matter how you respond– the damage is done.

The scammer records your yes response and neatly places it in a recording making it sound like you answered yes to ordering various goods.  When you later call to complain, you are met with the sound of your own voice verifying the purchase.  As a matter of fact, these folks are bold enough to threaten to sue you if you don’t pay for your “order.”

There are so many creative scams out there it is important to remember a few simple rules that might eliminate a great deal of inconvenience (or money loss) later:

DO NOT answer calls from numbers you don’t recognize.

DO NOT verify your phone number with anyone you didn’t call.

DO NOT give out personal information on any call you did not initiate.

It is not likely we can avoid all scammers– but let’s not make it easy for them!

 

Don’t Be A Victim- Avoid Smash and Grabs

The weather is nice and the bad guys are back in town.  That means crime season is upon us and the season is usually welcomed with car break-ins.  Car break-ins are easy, generally productive, and lower risk than other larcenies.  Please take a minute to review the attached flyer for some ideas to keep your stuff off of some naughty person’s list.

2015 vehicle smash and grab flyer.jpg