Two cybersecurity experts have struck gold, after emerging victorious in the Pwn2Own hacking contest, where they discovered vulnerabilities in Amazon home devices, TechCrunch reports.
Amat Cama and Richard Zhu, who make up Team Fluoroacetate, were awarded $60,000 after they conducted an integer overflow attack on the latest Amazon Echo Show 5, in a hacking exploit that would send chills down the spine of Jeff Bezos.
Old Chromium Version Leaves Room for Vulnerabilities
In their hack, the two men discovered that the Echo uses an older version of Google’s open-source Chromium browser project. Because the Chromium software was outdated, the men were able to exploit a bug that allowed them to completely control the device by connecting it to a malicious Wi-Fi hotspot. To prevent any outside interference, they conducted their experiment in a radio-frequency shielding enclosure.
The integer overflow bug is rather common. It occurs when an arithmetic operation tries to produce a number that does not fit in the memory set aside to hold it. The number overflows that space, so the program ends up working with an incorrect value, which opens up the possibility of a security vulnerability in the device.
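To make the overflow described above concrete, here is an added example (not from the original article, and not the code exploited at Pwn2Own): a constructed 32-bit buffer-size calculation that wraps around, beside a checked version that rejects such input. The function names and sample values are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked size calculation (hypothetical helper): the 32-bit product
 * wraps modulo 2^32, so a huge element count can yield a tiny size. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Checked size calculation (hypothetical helper): returns false instead
 * of a wrapped value when the product does not fit in 32 bits. */
bool alloc_size_checked(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return false;               /* product would overflow */
    *out = count * elem_size;
    return true;
}

int main(void)
{
    /* Constructed sample input: 0x40000001 elements of 4 bytes each. */
    uint32_t count = 0x40000001u, elem_size = 4, size = 0;
    uint64_t needed = (uint64_t)count * elem_size;

    printf("bytes actually needed: %llu\n", (unsigned long long)needed);
    printf("unchecked size:        %u\n",
           (unsigned)alloc_size_unchecked(count, elem_size));

    if (alloc_size_checked(count, elem_size, &size))
        printf("checked size:          %u\n", (unsigned)size);
    else
        puts("checked size:          rejected (would overflow)");
    return 0;
}
```

A buffer sized with the unchecked result is far smaller than the data the program believes it holds, which is why size arithmetic on untrusted input should be checked before it is used.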
As TechCrunch reports, Amazon said it would study the vulnerability and update the Echo’s security with a patch to prevent a recurrence.
Hackathons as Tools for Innovation
Of course, this presents an excellent opportunity for Amazon. Hackathons such as Pwn2Own are usually organized around new tech products as a means of testing their security, to see whether they can hold their own against the best and brightest hackers.
As reported by Fast Company, corporations have begun to embrace the idea of a software-first future. This leads them to see hackathons as a necessity for their operations, from talent retention and hiring to product roadmaps and R&D. Capital One, the popular bank holding company, has made it a habit to conduct hackathons for the past few years, with several aspects of internal innovation (including pitching ideas, building prototypes of products, creating new products, and more) now hinging on the concept.
With these independent hackathons, security experts can lend their skills to companies, helping them to point out some significant flaws in their design and infrastructure. Rather than dealing with massive rollbacks due to security vulnerabilities, these companies can use hackathons to test a product before launch.
Now that Amazon knows that the latest Echo is susceptible to attacks, it has the perfect opportunity (as well as the perfect information) to make positive changes before criminals use the information to cause lasting damage.