It has been reported that millions of 1st-generation Amazon Echo and 8th-generation Amazon Kindle devices are susceptible to KRACK, an old WiFi vulnerability that allows an attacker to perform a man-in-the-middle attack against a WPA2-protected network. Using this attack, bad actors can decrypt packets sent by clients and steal sensitive information that is sent in plaintext. Although the attack compromises the network's WPA2 wireless connection, it is important to note that any traffic that is itself encrypted when sent over the wireless network will still be protected from snooping.
Commenting on this, Sam Curry, chief security officer at Cybereason, said: “The Amazon Echo, Kindle and the entire Amazon home automation suite sits at the intersection of our personal and digital lives. The implications at home and at work and how to accommodate these devices safely and securely are still being discovered. WiFi sniffing, interception and hijacking are nothing new, but this latest development may have more implications than simply snooping on your Kindle reading habits. Keep in mind that businesses have commercial relationships in place with AWS and your Amazon identity is often linked to your home, your bank accounts and credit cards. It’s a good idea for Amazon to think carefully about all of its common components and this usage sooner rather than later.”