I asked a hacker to spy on me via my Amazon account (kuow.org)
19 points by wslh on Jan 1, 2020 | 7 comments



I would say it is a freaking stupid post... But in the end it is important. Security is about people who have credentials and don't disclose those. Two-factor auth with an app would prevent that, but maybe someone who reads this article will also start using 2FA.

Pity that the author did not mention 2FA.


The author gave them his username and password. The research team could also ask for the 2FA token. 2FA doesn't prevent this kind of attack.


2FA is no panacea. Most of what people call "2FA", the phone text thing, is actually "3FA". 2FA is using an alternative means to verify an identity. If someone is altering your username/password combo, the go-to second factor is generally an email address. If you want to protect against email addresses being hacked by including another identification means (phone-based text messaging) then that would be "three-factor" identification.

Those implementing 3/4/5/6-factor authentication don't actually care much about security. This is about liability. They implement the system, make it optional and tricky to set up, and then wash their hands of things if the customer fails to use the service. Putting piecemeal protections on account management pages is far easier/cheaper than actual information security management. 2FA doesn't mean anything if the company isn't properly protecting the underlying data.

If they cared, they would have a flesh-and-blood person look into any account simultaneously changing its password/email, altering its default delivery address from a New Hampshire farm to a Latvian PO box, and suddenly purchasing 10,000$ worth of Amazon gift cards. If they cared, such red flags would be caught by the machines and addressed by real people. Instead we get text messages to our phones.


Author asked hacker to spy on him. Author received phishing email, knew it was a phishing email, and took the bait anyway. "Hacker" logged into Alexa using author's phished credentials and controlled his smart devices.

Not an interesting article at all. Not sure how this is front page content but okay.


I didn't get the point of the article. Is it to point out that many can't tell whether they're getting phished? Or is it that Amazon's APIs aren't secure?

Not really sure what the point of this is.

Regardless, how would that white-hat hacker get so much access? Can you do this with Amazon's APIs? I don't really use Amazon APIs to know.


As a family with approximately two hundred of these devices, I had a conversation with my wife that went along the lines of "and spell out precisely what the dangers are".

I think being able to do this, to hack oneself, is a useful indicator as to what doors one is leaving open. I would love to try and turn Alexa into an always-on microphone, and love to know how to detect it even more!


Most useless cringe thing I've read in a long time. What a waste of time.



