
I asked a hacker to spy on me via my Amazon account - wslh
https://www.kuow.org/stories/primed-season-3-episode-8
======
ozim
I would say it is freaking stupid post... But in the end it is important.
Security is about people who have credentials and don't disclose those. Two
factor auth with app would prevent that, but maybe someone who reads this
article will also start using 2FA.

Pity that author did not mentioned 2FA.

~~~
danilocesar
The author gave them his username and password. The research team could also
ask for the 2FA token. 2FA doesn't prevent this kind of attack.

------
tracer4201
Author asked hacker to spy on him. Author received phishing email, knew it was
a phishing email, and took the bait anyway. “Hacker” logged into Alexa using
authors phished credentials and controlled his smart devices.

Not an interesting article at all. Not sure how this is front page content but
okay.

------
sdan
I didn't get the point of the article. Is it to point out that many can't tell
whether they're getting phished? Or is it that Amazon's APIs aren't secure?

Not really sure what the point of this is.

Regardless, how would that white-hack hacker get so much access? Can you do
this with Amazon's APIs? I don't really use Amazon APIs to know.

------
lifeisstillgood
As a family with approximately two hundred of these devices, I had a
conversation with my wife that went along the lines of "and spell out
precisely what the dangers are"

I think being able to do this - to hack oneself, is a useful indicator as to
what doors one is leaving open. I would love to try and turn Alexa into a
always on microphone - and love to know how to detect it even more !

------
fastto
Most useless cringe thing I've seen read in a long time. What a wast of time.

