Older Amazon Devices Subject to Old Wi-Fi Vulnerability


Som old Amazon devices contain an even older Wi-Fi vulnerability that can be exploited in man-in-the-middle attacks.

The vuln – KRACK, or Key Reinstallation Attack – is a flaw in the four-way WPA2 handshake that begins the protected transaction. The vulnerability leaves the wireless traffic encrypted, but routed through a malicious middle actor that decrypts the data, stores it for use, and then re-encrypts the stream and sends it on its way.

The ESET Smart Home Research Team discovered that first-generation Amazon Echo devices remain subject to the vulnerability, designated CVE-2017-13077, as do Kindle 8th generation e-book readers.