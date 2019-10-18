SECURITY BOFFINS have revealed that first-generation Amazon Echo devices are vulnerable to the Krack WPA2 security vulnerability and have urged users to patch their devices as soon as possible.

The Krack flaw, which was first disclosed two years ago, continues to impact millions of older Amazon devices, according to ESET's Smart Home Research Team.

The bug was eventually patched by Amazon earlier this year, after ESET researchers informed the company about it in October 2018.

Dubbed Krack (Key Reinstallation Attack), the vulnerability was discovered by two Belgian security researchers, Frank Piessens and Mathy Vanhoef, in October 2017. It exists in the four-way handshake of the WPA2 protocol, which secured almost all modern WiFi networks at that time.

The researchers found that Krack could allow hackers to carry out attacks against devices on a WPA2 protected network and enabled malicious actors to decrypt information being sent in plain text over WiFi networks.

Last year, ESET researchers carried out some tests to evaluate the security of older Kindle and Echo devices and found that Amazon Echo (first-gen) and Amazon Kindle (eighth-gen) devices were still vulnerable to two Krack vulnerabilities: CVE-2017-13078 and CVE-2017-13077.

The flaws allowed attackers to intercept sensitive details such as session cookies or passwords; forge or inject data packet; disrupt network communication; and much more.

ESET disclosed those vulnerabilities to Amazon on 23 October 2018., and three months later Amazon informed ESET that a patch for the vulnerabilities was ready and that the company would push it to vulnerable devices in the coming weeks.

The patch came in the form of a small programme, wpa_supplicant, which was responsible for authentication to the Wi-Fi network.

While most users of Amazon Echo and Amazon Kindle devices should have the latest firmware installed on their devices, ESET advises users to recheck their Echo and Kindle settings and ensure that they are definitely using the latest firmware for their devices. µ