Users are able to extend Alexa’s capabilities by installing “skills” – additional functionality developed by third-party vendors which can be thought of as apps – such as weather
programs and audio features. The smart assistant, which is found in devices such as the Amazon Echo and Echo Dot -- with over 200 million shipments worldwide -- was found to be vulnerable to attackers seeking user personally identifiable information (PII)
and voice recordings due to its subdomains being susceptible to Cross-Origin Resource Sharing (CORS) misconfiguration and cross-site scripting (XSS) attacks.
Learn more >