Older Amazon Devices Subject to Old Wi-Fi Vulnerability

Older Amazon Devices Subject to Old Wi-Fi Vulnerability
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.

Som old Amazon devices contain an even older Wi-Fi vulnerability that can be exploited in man-in-the-middle attacks.


The vuln - KRACK, or Key Reinstallation Attack - is a flaw in the four-way WPA2 handshake that begins the protected transaction. The vulnerability  leaves the wireless traffic encrypted, but routed through a malicious middle actor that decrypts the data, stores it for use, and then re-encrypts the stream and sends it on its way.


The ESET Smart Home Research Team discovered that first-generation Amazon Echo devices remain subject to the vulnerability, designated CVE-2017-13077, as do Kindle 8th generation e-book readers.


Amazon has issued and distributed a new version of the wpa_supplicant — the vulnerable part of the operating environment. Both Amazon and the researchers strongly suggest that all users make s ..